Cryptographic communication method, encryption algorithm shared control method, encryption algorithm conversion method and network communication system

ABSTRACT

An operating encryption algorithm is converted to another encryption algorithm. When different encryption algorithms are operated by a personal computer  100  for use by a group A and a personal computer  200  for use by group B, an encryption algorithm, operated by the personal computer  100  is encrypted by the personal computer  100  with the encryption algorithm operated by the personal computer  200  and transmitted to the personal computer  200.

RELATED APPLICATIONS

[0001] This application is a continuation application of U.S. patentapplication Ser. No. 09/365,446, filed on Aug. 2, 1999, which in turnclaims the benefit of priority from Japanese Patent Application No.10-217732, filed on Jul. 31, 1998, the entirety of which areincorporated herein by reference.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates to cryptographic communicationmethod, encryption algorithm shared control method and networkcommunication system for converting encryption algorithm forcryptographic communication to other encryption algorithm, and moreparticularly to cryptographic communication method, encryption algorithmshared control method and network communication system suitable forsharing the same encryption algorithm as encryption algorithm operatedby a plurality of users and changing the shared encryption algorithm toother encryption algorithm.

[0004] 2. Description of Related Art

[0005] As a means for securing the safety of information transmission, amethod of transmitting encrypted information is generally employed.Because of recent advancement of performance of a personal computer, ina case where information to be transmitted is digital information suchas document and video, often such information is encrypted on softwarebasis. If a user U[A] carries out cryptographic communication with auser U[B], the user U[A] encrypts transmission information with anencryption key and transmits that encrypted data. On the other hand, theuser U[B] receives this data and decrypts that received data with adecryption key. This cryptographic communication can be established on apresumption that the user U[A] and user U[B] share the same encryptionalgorithm. Usually, the encryption algorithm is shared by the followingmanners. The encryption algorithm is recorded in a recording medium suchas a floppy disk by an encryption system manager and distributed to eachuser. Or the encryption algorithm is installed in an informationprocessing unit having encryption processing function such that it canbe executed and the information processing unit is distributed.

[0006] As for a method for operating the encryption algorithm, toimprove the cipher security, not only a scramble key is generated as akey for encrypting information, but also a session key for encryptingthis scramble key is generated. Then, duplex encryption method isemployed so that user U[A] transmits information encrypted with thescramble key and the scramble key encrypted with the session key to userU[B]. Each time when cryptographic communication occurs, the scramblekey is changed.

SUMMARY OF THE INVENTION

[0007] However, in the above described encryption method, the followingproblem arises.

[0008] (1) If the transmission side and the reception side use differentoperating algorithms, cryptographic communication cannot be carried out.Therefore, a necessity of distributing an encryption algorithm of one ofthe transmission side and the reception side to the other side occurs.

[0009] However, the above described method of recording the encryptionalgorithm in a recording medium and distributing it to each user andmethod of distributing an information processing unit having anencryption function in which the encryption algorithm is installed sothat it can be executed requires time for distribution because thedistribution is carried out by transportation or the like. If theencryption algorithm is distributed to each user, an encryptionprocessing unit in which the encryption algorithm is installed isconnected to a unit having a communication function so as to construct asystem, and whether or not the cryptographic communication is enabled isverified on function basis. Because this functional verification iscarried out with communication between users, time and labor are needed.

[0010] (2) As a method for improving the encryption security, a methodof operating the encryption algorithm by periodically changing it can beconsidered by this inventor. For example, if the encryption algorithm ofthe session key in the above mentioned duplex encryption method ischanged periodically, the security can be expected to be improved.

[0011] However, for this purpose, the encryption algorithm to be changedneeds to be distributed to each user. However, if distribution of thisencryption algorithm is carried out in the same manner as (1), time andlabor are needed thereby the efficiency being lower.

[0012] (3) With a recent progress of information appliance such as apersonal computer, information processing speed has been improved everyyear. The intensity of the encryption algorithm needs to be so strongthat information is not decrypted within its effective limit even if anattack is made to decrypt with such information appliance.

[0013] Therefore, the intensity of the encryption algorithm needs to beset corresponding to the information processing speed of the informationappliance of a day in which it is used and changed to an encryptionalgorithm whose intensity is higher. Thus, a distribution method for anencryption algorithm having an excellent efficiency is needed like above(2).

[0014] (4) The inventor of the present invention has considered a methodfor constructing a cryptographic communication system in which aplurality of users are connected to a station for managing the key foroperating the encryption algorithm. However, if a plurality of theencryption algorithms exist in the cryptographic communication systemand the encryption algorithms are periodically updated, this systemrequires such a complicated system operating function for grasping theencryption algorithms of each user, distributing the same algorithm soas to be shared if the algorithms of users about to communicate witheach other are different, if the user is changing the algorithm,suspending the cryptographic communication with the user whose algorithmis being changed. If the distribution method for the encryptionalgorithm of (1) is applied, not only time and labor are needed, butalso it is difficult to grasp the condition of the encryption algorithmof each user at real time, so that there is a fear that thecryptographic communication system is disturbed thereby an effectivesystem operation being obstructed.

[0015] (5) If the encryption algorithm is changed, a key for use by theuser may not correspond to that encryption algorithm to be changed. If acommon key encryption algorithm is changed to a public key encryptionalgorithm or conversely if the public key encryption algorithm ischanged to the common key encryption algorithm, there is a problem thatthe key for use by the user cannot be used for the changed encryptionalgorithm.

[0016] If the encryption algorithm is changed to an encryption algorithmhaving a high intensity, usually, the key length for use is prolonged.Therefore, if the key for use by the user can be used under the changedencryption algorithm, there is a problem that the intensity of theencryption is not increased if the same key length is used.

[0017] Accordingly, the present invention has been made in views of theabove problems and therefore, it is an object of the invention toprovide a cryptographic communication method, encryption algorithmsharing management method, encryption algorithm conversion method, andnetwork communication system capable of distributing an encryptionalgorithm with the safety and converting it in a state that time andlabor required therefor are reduced.

[0018] It is another object of the invention to provide a cryptographiccommunication method, encryption algorithm sharing management method,encryption algorithm conversion method and network communication systemin which encryption algorithms operated by a plurality of users sharethe same encryption algorithm as a result of the encryption algorithmconversion and preferable for changing the shared encryption algorithmto other encryption algorithm.

[0019] To achieve the above object, according to a first aspect of thepresent invention, there is provided a cryptographic communicationmethod wherein when different encryption algorithms are operated at atransmission side and a reception side, the transmission side encryptsan encryption algorithm operated at the transmission side with anencryption algorithm operated at the reception side and transmits theencrypted algorithm to the reception side.

[0020] According to a second aspect of the present invention, there isprovided a cryptographic communication method wherein information onencryption algorithm operated at a transmission side and information onan encryption algorithm operated at a reception side are obtained fromthe transmission side and when different encryption algorithms areoperated at the transmission side and the reception side, an encryptionalgorithm operated at the transmission side is encrypted with anencryption algorithm operated at the reception side and transmitted tothe reception side.

[0021] According to a third aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; and querying a data base in which a correspondencebetween the user identifier indicating the user and the encryptionalgorithm operated by the user is preliminarily described about eachuser and then retrieving encryption algorithm operated by the user ofthe transmission side and the encryption algorithm operated by the userof the reception side, wherein if the encryption algorithm operated bythe user of the transmission side is different from the encryptionalgorithm operated by the user of the reception side, data indicatingthe encryption algorithm operated by the user of the transmission sideis encrypted with the encryption algorithm operated by the user of thereception side and transmitted to the user of the reception side.

[0022] According to a fourth aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; querying a data base in which a correspondencebetween the user identifier indicating the user, an encryption algorithmoperated by the user and an encryption key thereof is preliminarilydescribed about each user so as to obtain the encryption algorithmoperated by the user of the transmission side and the encryption keythereof and the encryption algorithm operated by the user of thereception side and the encryption key thereof, wherein if the encryptionalgorithm operated by the user of the transmission side is differentfrom the encryption algorithm operated by the user of the receptionside, data indicating the encryption algorithm operated by the user ofthe transmission side and encryption key produced based on theencryption key operated by the user of the reception side correspondingto a key length of the encryption algorithm is encrypted with theencryption algorithm operated by the user of the reception side andtransmitted to the user of the reception side.

[0023] According to a fifth embodiment of the present invention, thereis provided an encryption algorithm sharing management method forsharing an encryption algorithm for cryptographic communication,comprising the steps of: from a user of a transmission side, obtaining auser identifier indicating the user and a user identifier indicating auser of a reception side; and querying a data base in which acorrespondence between user identifier indicating the user, anencryption algorithm operated by the user and an encryption key thereofis preliminarily described about each user so as to obtain theencryption algorithm operated by the user of the transmission side andthe encryption key thereof and the encryption algorithm operated by theuser of the reception side and the encryption key thereof, wherein ifthe encryption algorithm operated by the user of the transmission sideis different from the encryption algorithm operated by the user of thereception side, signature data produced for the encryption key operatedby the user of the transmission side is transmitted to the user of thetransmission side and data obtained by encrypting the encryptionalgorithm operated by the user of the transmission side with theencryption algorithm operated by the user of the reception side andsignature data produced for an encryption key operated by the user ofthe reception side are transmitted to the user of the reception side.

[0024] According to a sixth aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; and querying a data base in which a correspondencebetween the user identifier indicating the user, an encryption algorithmoperated by the user and an encryption key thereof is preliminarilydescribed about each user so as to obtain an encryption algorithmoperated by the user of the transmission side and an encryption keythereof and an encryption algorithm operated by the user of thereception side and an encryption key thereof, wherein if the encryptionalgorithm operated by the user of the transmission side is differentfrom the encryption algorithm operated by the user of the receptionside, signature data produced for the encryption key operated by theuser of the transmission side is transmitted to the user of thetransmission side and data indicating the encryption algorithm operatedby the user of the transmission side and encryption key produced basedon the encryption key operated by the user of the reception sidecorresponding to a key length of the encryption algorithm is encryptedwith the encryption algorithm operated by the user of the reception sideand transmitted to the user of the reception side with the signaturedata produced corresponding to the encryption key operated by the userof the reception side.

[0025] According to a seventh aspect of the present invention, there isprovided Network communication system composed by connecting a pluralityof users, comprising at least an encryption key management station to beconnected from a user of a transmission side, the encryption keymanagement station obtaining, from the user of the transmission side,information indicating an encryption algorithm operated by the user andinformation indicating an encryption algorithm operated by a user of areception side and if different encryption algorithms are operated bythe users of the transmission side and the reception side, encryptingthe encryption algorithm operated by the user of the transmission sidewith the encryption algorithm operated by the user of reception side andtransmitting it to the user of the reception side.

[0026] According to an eighth aspect of the present invention, there isprovided network communication system composed by connecting a pluralityof users, comprising at least an encryption key management station to beconnected from a user of a transmission side, the encryption keymanagement station comprising data base in which a correspondencebetween a user identifier indicating the user and an encryptionalgorithm operated by the user is preliminarily described about eachuser;

[0027] wherein when a communication is carried out from the user of thetransmission side to a user of a reception side, a user identifierindicating the user and a reception side user identifier are obtainedfrom the user of the transmission side and the data base is queried withthe obtained identifier as a key so as to obtain an encryption algorithmoperated by the user of the transmission side and an encryptionalgorithm operated by the user of the reception side, and

[0028] if the encryption algorithm operated by the user of thetransmission side is different from the encryption algorithm operated bythe user of the reception side, the encryption algorithm operated by theuser of the transmission side is encrypted with the encryption algorithmoperated by the user of the reception side and transmitted to the userof the reception side.

[0029] According to a ninth aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; querying a data base in which a correspondencebetween the user identifier indicating the user and an encryptionalgorithm operated by the user is preliminarily described about eachuser so as to retrieve an encryption algorithm operated by the user ofthe transmission side and an encryption algorithm operated by the userof the reception side; and if the encryption algorithm operated by theuser of the transmission side is different from the encryption algorithmoperated by the user of the reception side, data indicating theencryption algorithm operated by the user of the transmission side isencrypted with the encryption algorithm operated by the user of thereception side and transmitted to the user of reception side.

[0030] According to a tenth aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; and querying a data base in which a correspondencebetween the user identifier indicating the user, an encryption algorithmoperated by the user and an encryption key is preliminarily describedabout each user so as to obtain the encryption algorithm operated by theuser of the transmission side and an encryption key thereof and theencryption algorithm operated by the user of the reception side and anencryption key, wherein if the encryption algorithm operated by the userof the transmission side is different from the encryption algorithmoperated by the user of the reception side, data indicating theencryption algorithm operated by the user of the transmission side andthe encryption key produced based on an encryption key operated by theuser of the reception side corresponding to a key length of theencryption algorithm is encrypted with the encryption algorithm operatedby the user of reception side and transmitted to the user of thereception side.

[0031] According to an eleventh aspect of the present invention, thereis provided an encryption algorithm sharing management method forsharing an encryption algorithm for cryptographic communication,comprising the steps of: from a user of a transmission side, obtaining auser identifier indicating the user and a user identifier indicating auser of a reception side; and querying a data base in which acorrespondence between the user identifier indicating the user, anencryption algorithm operated by the user and an encryption key ispreliminarily described about each user so as to obtain the encryptionalgorithm operated by the user of the transmission side and theencryption key thereof and the encryption algorithm operated by the userof the reception side and encryption key thereof, wherein if theencryption algorithm operated by the user of the transmission side isdifferent from the encryption algorithm operated by the user of thereception side, signature data produced for an encryption key operatedby the user of the transmission side is transmitted to the user of thetransmission side and the encryption algorithm operated by the user ofthe transmission side is encrypted with the encryption algorithmoperated by the user of the reception side and transmitted to the userof the reception side with signature data produced for an encryption keyoperated by the user of the reception side.

[0032] According to a twelfth aspect of the present invention, there isprovided an encryption algorithm sharing management method for sharingan encryption algorithm for cryptographic communication, comprising thesteps of: from a user of a transmission side, obtaining a useridentifier indicating the user and a user identifier indicating a userof a reception side; and querying a data base in which a correspondencebetween the user identifier indicating the user, encryption algorithmoperated by the user and encryption key is preliminarily described abouteach user so as to obtain the encryption algorithm operated by the userof the transmission side and an encryption key thereof and theencryption algorithm operated by the user of the reception side andencryption key, wherein if the encryption algorithm operated by the userof the transmission side is different from the encryption algorithmoperated by the user of the reception side, signature data produced foran encryption key operated by the user of the transmission side istransmitted to the user of the transmission side and data indicating theencryption algorithm operated by the user of the transmission side andencryption key produced based on an encryption key operated by the userof the reception side corresponding to a key length of the encryptionalgorithm is encrypted with the encryption algorithm operated by theuser of the reception side and transmitted to the user of the receptionside with signature data produced corresponding to the encryption keyoperated by the user of the reception side.

[0033] According to a thirteenth aspect of the present invention, thereis provided a network communication system composed by connecting aplurality of users, comprising at least an encryption key managementstation to be connected from a user of a transmission side, theencryption key management station obtaining, from the user of thetransmission side, information indicating an encryption algorithmoperated by the user and information indicating an encryption algorithmoperated by a user of a reception side, and when different encryptionalgorithms are operated by the user of the transmission side and theuser of the reception side, encrypting the encryption algorithm operatedby the user of the transmission side with the encryption algorithmoperated by the user of the reception side and transmitted to the userof reception side.

[0034] According to a fourteenth aspect of the present invention, thereis provided a network communication system composed by connecting aplurality of users, comprising at least an encryption key managementstation to be connected from a user of a transmission side, theencryption key management station comprising a data base in which acorrespondence between a user identifier indicating a user and anencryption algorithm operated by the user is preliminarily describedabout each user;

[0035] wherein when a communication is carried out from the user oftransmission side to a user of a reception side, a user identifierindicating the user and a reception side user identifier are obtainedfrom the user of the transmission side, and the data base is queriedwith the obtained identifier as a key so as to obtain an encryptionalgorithm operated by the user of the transmission side and encryptionalgorithm operated by the user of the reception side, and if theencryption algorithm operated by the user of the transmission side isdifferent from the encryption algorithm operated by the user of thereception side, the encryption algorithm operated by the user of thetransmission side is encrypted with the encryption algorithm operated bythe user of the reception side and transmitted to the user of thereception side.

[0036] According to a fifteenth aspect of the present invention, thereis provided a cryptographic communication method wherein if differentencryption algorithms are operated by a transmission side and areception side, the encryption algorithm operated by the reception sideis encrypted with the encryption algorithm operated by the transmissionside and transmitted to the transmission side.

[0037] According to a sixteenth aspect of the present invention, thereis provided a cryptographic communication method wherein informationindicating an encryption algorithm operated by a transmission side andinformation indicating an encryption algorithm operated by a receptionside are obtained from the transmission side and when differentencryption algorithms are operated by the transmission side and thereception side, the encryption algorithm operated by the reception sideis encrypted with the encryption algorithm operated by the transmissionside and transmitted to the transmission side.

[0038] According to a seventeenth aspect of the present invention, thereis provided an encryption algorithm sharing management method forsharing an encryption algorithm for cryptographic communication,comprising the steps of: from a user of a transmission side, obtaining auser identifier indicating the user and a user identifier indicating auser of a reception side; querying a data base in which a correspondencebetween the user identifier indicating user and encryption algorithmoperable by the user is preliminarily described about each user so as toobtain an encryption algorithm operable by the user of the transmissionside and an encryption algorithm operable by the user of the receptionside; determining whether or not there is an encryption algorithmoperable by the user of the transmission side and the user of thereception side commonly; and if the commonly operable encryptionalgorithm exists, it is notified the user of the transmission side thatcryptographic communication at the user of the transmission side and theuser of the reception side is enabled.

[0039] According to an eighteenth aspect of the present invention, thereis provided an encryption algorithm conversion method for converting anoperating first encryption algorithm to other second encryptionalgorithm comprising: querying a data base in which a correspondencebetween a user identifier indicating a user, an encryption algorithmoperated by the user and an encryption key thereof is preliminarilydescribed about each user with a user whose encryption algorithm is tobe converted as a key so as to obtain a first encryption algorithmoperated by the user and a first encryption key; and supplying first andsecond signature data written in the first and second encryption keyswith a first management secret key preliminarily allocated formanagement and operated on the first encryption algorithm, public keydata obtained by encrypting a second public key corresponding to asecond management secret key operated on the second encryption algorithmpreliminarily allocated for management with the first encryptionalgorithm, a second encryption algorithm encrypted with the firstencryption algorithm and signature data produced based on the secondmanagement secret key to the user.

BRIEF DESCRIPTION OF THE DRAWINGS

[0040]FIG. 1 is an explanatory diagram showing a network communicationsystem;

[0041]FIG. 2 is a functional block diagram showing a functionalstructure of respective portions of the network communication system;

[0042]FIGS. 3A and 3B are explanatory diagrams showing information to bestored in data base accessed by a key management work station, FIG. 3Aindicates information to be stored in a network encryption algorithmcontrol data base and FIG. 3B indicates information to be stored in thenetwork key management data base;

[0043]FIGS. 4A and 4B are explanatory diagrams showing information to bestored in data base accessed by a personal computer, FIG. 4A indicatesinformation to be stored in encryption algorithm control data base andFIG. 4B indicates information to be stored in a key structure managementdata base;

[0044]FIG. 5 is a schematic data flow diagram showing conversion ofencryption algorithm to which the present invention is applied;

[0045]FIG. 6 is a schematic data flow diagram showing encryptionalgorithm conversion for common key cipher to which the presentinvention is applied;

[0046]FIG. 7 is a data flow diagram showing cryptographic communicationby common key cipher to which the present invention is applied;

[0047]FIG. 8 is a flow chart showing a former half portion of encryptionalgorithm conversion procedure by common key cipher to which the presentinvention is applied;

[0048]FIG. 9 is a flow chart showing a latter half portion of encryptionalgorithm conversion procedure by common key cipher to which the presentinvention is applied;

[0049]FIGS. 10A and 10B are explanatory diagrams showing a change of anencryption key of common key cipher to which the present invention isapplied; FIG. 10A indicates a case in which the key length is shortened,and FIG. 10B indicates a case in which the key length is prolonged;

[0050]FIG. 11 is a data flow diagram showing cryptographic communicationby public key cipher to which the present invention is applied;

[0051]FIG. 12 is a data flow chart showing encryption algorithmconversion by public key cipher to which the present invention isapplied;

[0052]FIG. 13 is a flow chart showing a former half portion ofencryption algorithm conversion procedure by public key cipher to whichthe present invention is applied;

[0053]FIG. 14 is a flow chart showing a latter half portion ofencryption algorithm conversion procedure by public key cipher to whichthe present invention is applied;

[0054]FIG. 15 is an explanatory diagram showing a change of encryptionkey of public key cipher to which the present invention is applied;

[0055]FIG. 16 is a data flow chart showing cryptographic communicationsystem by public key cipher algorithm to which the present invention isapplied;

[0056]FIG. 17 is a data flow chart showing encryption algorithmconversion by a portable information processing apparatus to which thepresent invention is applied;

[0057]FIG. 18 is a data flow chart showing other embodiment ofencryption algorithm conversion by a portable information processingapparatus to which the present invention is applied;

[0058]FIG. 19 is an explanatory diagram showing a data base relating toencryption key and encryption algorithm to which the present inventionis applied;

[0059]FIG. 20 is a data flow diagram showing a case in which aencryption key is generated by user in encryption algorithm conversionto which the present invention is applied;

[0060]FIG. 21 is a block diagram showing cryptographic communicationsystem by public key cipher algorithm to which the present invention isapplied;

[0061]FIG. 22 is an explanatory diagram showing other embodiment ofnetwork communication system;

[0062]FIG. 23 is an explanatory diagram showing an operation ofencryption of key recovery function to which the present invention isapplied;

[0063]FIG. 24 is an explanatory diagram showing an operation ofdecryption of key recovery function to which the present invention isapplied; and

[0064]FIG. 25 is a block diagram showing cryptographic communicationsystem using IC card based on public key cipher algorithm to which thepresent invention is applied.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0065] Hereinafter, the embodiments of the present invention will bedescribed with reference to the accompanying drawings.

[0066] First, functions of a network communication system to which thepresent invention is applied will be described. In a cryptographiccommunication system to which the present invention is applied, (1) akey management station for controlling an encryption algorithm isplaced, (2) condition of encryption algorithm operated by each user isgrasped by the key management station, (3) an encryption algorithm foruse by each user is set up and (4) encryption algorithm for use by eachuser is converted.

[0067] The respective functions will be described below.

[0068] First, the key management station for controlling the encryptionalgorithm of (1) will be described. A key management station forcontrolling encryption algorithm is placed in the cryptographiccommunication system, so as to register all encryption algorithms usedby user and encryption algorithms to be updated in this key managementstation.

[0069] Next, the function for grasping the condition of the encryptionalgorithm operated by each user of (2) will be described.

[0070] Each user carrying out the cryptographic communication and thekey management station are connected to each other through such anelectronic communication line as a satellite communication line orground communication line or the like and the key management stationalways monitors the condition of the encryption algorithm operated bythe user through the line. If a necessity of the cryptographiccommunication arises between users, whether or not the cryptographiccommunication is possible is determined by judging from the operatingcondition of the encryption algorithm to be operated by the user.

[0071] Further, the key management station grasps the operatingcondition of the encryption algorithm of each user and information ofthe key for use by the user. If the encryption algorithm operated by theuser is changed, information for converting the key is created so as tobe capable of adapting to an encryption algorithm in which the key foruse by the user is changed and then transmitted to that user.

[0072] Next, the function for setting up the encryption algorithm foruse by each user of (3) will be described about a case (i) in whichcryptographic communication is carried out between respective users anda case (ii) in which the intensity of the encryption algorithm for useby each user is converted to an encryption algorithm of the same serieshaving an intensity equivalent to or higher than that encryptionalgorithm.

[0073] First, the case in which the cryptographic communication iscarried out between the respective users of (i) will be described.

[0074] Possible cases include a case (a) in which the users intending tocarry out the cryptographic communication share the same encryptionalgorithm and a case (b) in which the users intending to carry out thecryptographic communication do not share the same encryption algorithm.Corresponding functions to these cases will be described below.

[0075] (a) Case where users intending to carry out cryptographiccommunication share the same encryption algorithm

[0076] 1. The key management station determines that cryptographiccommunication between the users is possible and transmits thisdetermination result to the users.

[0077] 2. The users receive this result and execute the cryptographiccommunication by the shared encryption algorithm.

[0078] (b) Case where users intending to carry out cryptographiccommunication do not share the same encryption algorithm

[0079] 1. The key management station determines that cryptographiccommunication between the users is impossible.

[0080] 2. Considering user request, restriction and the like of aregistered encryption algorithm, the key management station sets upencryption algorithm for use in cryptographic communication between theusers and transmits this encryption algorithm to the users through acommunication line.

[0081] If there is a necessity of converting a key for use by user so asto be applicable for a new set encryption algorithm, information forthis key conversion is created and transmitted to the user through acommunication line.

[0082] 3. The user converts the transmitted encryption algorithm and asrequired, the key for use and executes cryptographic communication.

[0083] Next, the case in which the intensity of the encryption algorithmfor use by each user of (ii) is converted to encryption algorithm of thesame series having an intensity equivalent to or higher than thatencryption algorithm will be described.

[0084] To convert the intensity of the encryption algorithm to anencryption algorithm of the same series having an intensity equivalentto or higher than that encryption algorithm, for example, it can beconsidered that (a) with respect to the encryption algorithm used by theuser, the user supplies an encryption algorithm of the same serieshaving an intensity equivalent to or higher than the encryptionalgorithm used by the user, and (b) with respect to the encryptionalgorithm used by the user, the key management station possesses anencryption algorithm generating apparatus for the encryption algorithmfor use by the user and supplies an encryption algorithm of the sameseries having an intensity equivalent to or higher than that encryptionalgorithm. The function of each case will be described below.

[0085] (a) Case where with respect to the encryption algorithm used bythe user, the user supplies an encryption algorithm of the same serieshaving an intensity equivalent to or higher than the encryptionalgorithm used by the user

[0086] 1. An encryption algorithm of the same series having an intensityequivalent to or higher than the encryption algorithm used by the useris produced and transmitted to the key management station and registeredtherein.

[0087] 2. The key management station sets up a user using an encryptionalgorithm except the registered encryption algorithm of the same serieshaving an intensity equivalent to or higher, as required, producesinformation for converting a key for use by the user and then transmitsthe aforementioned encryption algorithm of the same series having anintensity equivalent to or higher and information for key conversion tothis user.

[0088] 3. The user receiving the encryption algorithm of the same serieshaving an intensity equivalent to or higher and information for keyconversion converts the key for use using the transmitted informationfor key conversion as required and then carries out cryptographiccommunication according to the transmitted encryption algorithm.

[0089] (b) Case where with respect to the encryption algorithm used bythe user, the key management station possesses an encryption algorithmgenerating apparatus for the encryption algorithm for use by the userand supplies an encryption algorithm of the same series having anintensity equivalent to or higher than that encryption algorithm.

[0090] 1: the key management station produces an encryption algorithm ofthe same series having an intensity equivalent to or higher than theencryption algorithm used by the user and registers the producedencryption algorithm.

[0091] 2: The key management station sets up user using an encryptionalgorithm other than the registered encryption algorithm of the sameseries having an intensity equivalent to or higher, as required producesinformation for converting a key used by the user and then transmits theencryption algorithm of the same series having an intensity equivalentto or higher and information for key conversion to this user.

[0092] 3. The user receiving the encryption algorithm of the same serieshaving an intensity equivalent to or higher and information for keyconversion converts the key for use by using the received informationfor key conversion as required and carries out cryptographiccommunication according to the received encryption algorithm.

[0093] Next, a function for converting the encryption algorithm for useby user of (4) will be described.

[0094] 1: The key management station produces the encryption algorithmfor conversion by user and as required, information for conversion ofthe key for use by each user according to the above (3).

[0095] 2: The key management station encrypts the encryption algorithmfor conversion by each user and key conversion information produced asrequired by using the encryption algorithm operated by the user andtransmits it to each user through communication line.

[0096] 3: Each user decrypts data transmitted from the key managementstation using the operated encryption algorithm so as to obtain theencryption algorithm for conversion and key conversion information.

[0097] 4: Each user changes the operated encryption algorithm and keyfor use according to the aforementioned decrypted data.

[0098] 5. Each user encrypts a statement “encryption algorithm changecompleted” using the changed encryption algorithm and transmits it tothe key management station through communication line.

[0099] 6: The key management station decrypts the encrypted andtransmitted data and obtains the statement “encryption algorithm changecompleted” and confirms that user's encryption algorithm has convertedand the encryption function operates properly.

[0100] Next, a first embodiment of the present invention will bedescribed with reference to FIGS. 1-5. In this embodiment, an outline ofencryption algorithm conversion to which the present invention isapplied will be described.

[0101] First, a network communication system to which the presentinvention is applicable will be described with reference to FIG. 1.Here, an example of a structure in which a plurality of personalcomputers (information processing apparatuses) 100, 200 used by usersare connected to the key management station 400, will be described.

[0102] The encryption algorithms operated by this system are assumed tobe A[1]-A[n], B[1]-B[m] and these encryption algorithms are controlledby the key management station. The encryption algorithms A[1]-A[n] areencryption algorithms belonging to the same series A having an intensityequivalent or different. The key management station updates security bychanging encryption algorithm to a new encryption algorithm of the sameseries having an intensity equivalent to or higher than the encryptionalgorithm concerned.

[0103] The key management station manages the encryption algorithmoperated by the user and user ID with correspondence therebetweenassuming that the user ID of user operating the encryption algorithmA[1] is U[A₁, 1 ₁]-U[A₁, N₁], user ID of user operating the encryptionalgorithm A[2] is U[A₂, 1 ₂]-U[A₂, N₂], user ID of user operating theencryption algorithm A[n] is U[A_(n), 1 _(n)]-U[A_(n), N_(n)], user IDof user operating the encryption algorithm B[1] is U[B₁, 1 ₁]-U[B₁, M₁],user ID of user operating the encryption algorithm B[2] is U[B₂, 1₂]-U[B₂, M₂], user ID of user operating the encryption algorithm B[m] isU[B_(n), 1 _(n)]-U[B_(n), M_(m)].

[0104] Referring to FIG. 1, personal computers 100 used by a useroperating one of the encryption algorithms belonging to series A(hereinafter referred to as encryption algorithm A), personal computers200 used by a user operating one of the encryption algorithms belongingto series B (hereinafter referred to as encryption algorithm B), and thekey management station 400 provided with a key management work station500 are connected through a network.

[0105] In this network communication system, cryptographiccommunication, encryption algorithm conversion and the like are carriedout by means of software processing of the personal computers 100, 200such as an information processing unit used by the users and keymanagement work station 500.

[0106]FIG. 22 shows a different embodiment from FIG. 1 of the networkcommunication system in which a plurality of encryption algorithmsexist. In this embodiment of the network communication system, algorithmA, algorithm B, algorithm C and algorithm D exist as the encryptionalgorithm.

[0107] Usually, the encryption algorithm for use is determined by user'sselection.

[0108] There are some encryption algorithms which user don't want to usebecause of the characteristic of the encryption algorithm.

[0109] In the network communication system shown in FIG. 22, theaforementioned four encryption algorithms A, B, C and D are used. Inthis Figure, a range of users using the encryption algorithm A isindicated with a solid line, a range of users using the encryptionalgorithm B is indicated with a dot and dash line, a range of usersusing the encryption algorithm C is indicated with two dots and dashline and a range of users using the encryption algorithm D is indicatedwith broken line.

[0110] Users located in a region in which the encryption algorithmsoverlap can use plural encryption algorithms.

[0111] The key management station stores users capable of using eachencryption algorithm in data base.

[0112] If a request for cryptographic communication occurs betweenusers, the key management work station grasps the operating condition ofthe encryption algorithm of the transmission side and reception sideaccording to the aforementioned data base.

[0113] If the transmission side and reception side share the sameencryption algorithm, cryptographic communication between the both iscontinued.

[0114] If the same encryption algorithm is not shared, whether or notthe same encryption algorithm can be held by the transmission side andreception side is determined according to the aforementioned data base.If the sharing is impossible, it is notified the both that thecryptographic communication is disabled.

[0115] Whether or not the encryption algorithm can be shared between theusers is determined depending on user's convenience. The range of usersusing each encryption algorithm is changed by user's convenience.

[0116] The key management work station changes information stored indata base for indicating users using each encryption algorithm bynotification from the user.

[0117] Next, software processing function of each information processingunit (personal computer, key management work station) in this networkcommunication system will be described with reference to FIG. 2.

[0118] In FIG. 2, the personal computers 100 and 200 are connected toeach other so as to construct a network. Hereinafter, a case where thepersonal computer 100 is used by a transmission side user and thepersonal computer 200 is used by a reception side user will bedescribed. It is needless to say that because the personal computers100, 200 have the same structure, they can be used for both. The keymanagement work station 500 is connected to the personal computer 100for use by at least the transmission side user.

[0119] The personal computer 100 (200) for use by the transmission side(reception side) user includes key structure control function 110 (210),encryption algorithm control function 120 (220), scramble function 130(230), descramble function 140 (240) and cryptographic communicationcontrol function 150 (250). A key structure control data base 180 (280)and encryption algorithm data base 190 (290) are connected to thepersonal computer 100 (200) so as to be accessible therefrom.

[0120] These data bases may be provided separately from the personalcomputers 100, 200 or may be provided integrally therewith. Theaforementioned data bases may be shared by plural personal computers.

[0121] The aforementioned key management work station 500 includesscramble function 530, descramble function 540, cryptographiccommunication control function 550, encryption algorithm generatingfunction 595, network encryption control function 560, and network keymanagement function 570, and is connected to network encryptionalgorithm control data base 590 and network key management control database 580 so as to be accessible therefrom. These data bases may beprovided separately of the key management work station 500 or may beprovided integrally with the key management work station 500.

[0122] Next, the function of the key management work station 500 will bedescribed with reference to FIG. 2.

[0123] A user ID of each user and encryption algorithm are registered inthe network encryption algorithm control data base DB590 withcorrespondence therebetween.

[0124] The network encryption algorithm control function 570 controlsthe data bases for the aforementioned two kinds of data, and carries outregistration, updating and deletion of the encryption algorithm for useby each user.

[0125] The encryption algorithm generating function 595 has a functionfor generating the encryption algorithm of series A.

[0126] As for the encryption intensity of the encryption algorithm, thelonger the length of an operating key, the more difficult decryptionbecomes so that the encryption intensity increases thereby improving thesecurity.

[0127] Further, if even in the encryption algorithm having the same keylength, the operating encryption algorithm is changed periodically, aperiod in which a cipher is attacked can be limited thereby improvingthe security on communication.

[0128] The encryption algorithm generating function 595 generatesdifferent encryption algorithms belonging to series A in which the keylength for use is the same as or longer than current encryptionalgorithms belonging to series A.

[0129] The network key structure control function 570 controls the keyto be operated by this system and stores information of the key to beused by the user in the network key structure control data base.

[0130] The scramble function 530 is a function for encrypting data to betransmitted by the key management station 400 (see FIG. 1) to the userand the descramble function 540 is a function for decrypting the encodeddata received by the key management station 400 (see FIG. 1) from theuser.

[0131] The network key management function 570 controls the key to beused for encrypting and decrypting and stores information about the keyfor use by the user with a correspondence to the encryption algorithmoperated for the key structure control data bases 180, 280.

[0132] Next, the software function of the personal computers 100 (200)which are information processing units for use by the user will bedescribed.

[0133] The encryption algorithm control function 120 (220) controls theencryption algorithm operated by the user.

[0134] The operating encryption algorithm converts the encryptionalgorithm according to an instruction from the key management workstation 500. The encryption algorithm control data base stores theencryption algorithms to be distributed by the key management station400 (see FIG. 1).

[0135] The scramble function 130 (230) is a function for encrypting datato be transmitted by the user and the descramble function 140 (240) is afunction for decrypting the encrypted data received by the user.

[0136] The key structure control function 110 (210) controls the key foruse for encrypting and decrypting and stores the keys with acorrespondence to the encryption algorithm to be operated by the keystructure control data base 180 (280).

[0137] Next, the content of information to be stored in data base to beaccessed from the aforementioned key management work station will bedescribed with reference to FIGS. 3A and 3B.

[0138] In FIG. 3A, user ID for identifying a user, name of theencryption algorithm to be operated by the user, a correspondence to theencryption algorithm version, updating date, key management station IDfor identifying the key management station, name of the encryptionalgorithm to be operated by the key management station, a correspondencewith the encryption algorithm version and its updating date are storedin the network encryption algorithm control data base.

[0139] In FIG. 3B, user ID for identifying a user, name of theencryption algorithm to be operated by the user, a correspondencebetween encryption algorithm version and key information indicating theencryption key to be operated, its updating date, key management stationID for identifying the key management station, name of the encryptionalgorithm to be operated by the key management station, a correspondencebetween the encryption algorithm version and key information indicatingthe encryption key to be operated, and its updating date are stored inthe network key management data base.

[0140] Next, the content of information to be stored in the data baseaccessible from the personal computer for use by user will be describedwith reference to FIGS. 4A and 4B.

[0141] In FIG. 4A, a name of the encryption algorithm, a correspondenceof the encryption algorithm version, and its updating date are stored inthe encryption algorithm control data base.

[0142] In FIG. 4B, a name of the encryption algorithm, encryptionalgorithm version, a correspondence to user key information indicatinguser's encryption key, and its updating date, and a name of theencryption algorithm, encryption algorithm version, a correspondence tokey information of the key management station indicating the encryptionkey of the key management station, and its updating date are stored inthe key management data base.

[0143] Referring to FIG. 7, an outline of cryptographic communication ofa case where both the transmission side and reception side users sharethe same encryption algorithm (assuming that a common key cipher isoperated here) will be described. In this case, it is assumed that thetransmission side user is A, the reception side user is B and thetransmission data to be transmitted therebetween is M.

[0144] The user U[A] specifies the user U[B] relative to the keymanagement work station 500 and requests to issue a session key for usein cryptographic communication.

[0145] The key management work station 500 receives this request andissues the user U[B] with a session key which enables cryptographiccommunication to the user U[A].

[0146] If the user U[A] receives this session key, by using it with thescramble function 130 of the personal computer for use, data M isencrypted and transmitted to user U[B] as an encrypted statement.

[0147] The user U[B] stores the same encryption algorithm as the userU[A] in the encryption algorithm data base 190. As a result, the userU[B] decrypts the encrypted statement transmitted from the user U[A] bythe descramble function 140 to obtain data M.

[0148] On the other hand, as a case where the operating encryptionalgorithm differs between the transmission side and reception sideusers, for example, in the operating encryption algorithms A[1]-A[n],B[1]-B[m], sometimes a plurality of encryption algorithms in whichmethods of the common key encryption algorithm and public key encryptionalgorithm are different exist.

[0149] If the user U[A] carries out cryptographic communication for theuser U[B], in case where both the users share the same encryptionalgorithm, the cryptographic communication can be carried out withoutany special treatment. However, if the same encryption algorithm is notshared, the encryption algorithm possessed by user is converted so as tomake both the users share the same encryption algorithm therebyachieving the cryptographic communication.

[0150] This encryption algorithm conversion is carried out depending onthe condition of the encryption algorithm possessed by the user asfollows.

[0151] (1) The encryption algorithms of the same series are controlledbased on the version number. The encryption algorithm is converted tothe other encryption algorithm of the same series having the same or adifferent encryption intensity.

[0152] (2) The common key encryption algorithm is converted to othercommon key encryption algorithm.

[0153] (3) The public key encryption algorithm is converted to otherpublic key encryption algorithm.

[0154] (4) The common key encryption algorithm is converted to otherpublic key encryption algorithm.

[0155] (5) The public key encryption algorithm is converted to othercommon key encryption algorithm.

[0156] The encryption algorithm mentioned here means a procedure forconverting a series of data. The encryption mentioned here means dataconversion and the decryption means inverse conversion of converteddata.

[0157] For example, it is assumed that K is binary data string and M isanother binary data string. Consider the following π function which isdetermined by K.

π(M)=M xor K

[0158] where xor indicates exclusive ⁻OR between M and K. The datastring M has been converted by π(M). If π(M) xor K is obtained withrespect to this converted data, $\begin{matrix}{{{\pi (M)}\quad {xor}\quad K} = {\left( {M\quad {xor}\quad K} \right)\quad {xor}\quad K}} \\{= {M\quad {xor}\quad \left( {K\quad {xor}\quad K} \right)}} \\{= M}\end{matrix}$

[0159] The data M is obtained by inversely converting the converted dataπ(M). The procedure for data conversion and inverse conversion like thisπ function is called encryption algorithm.

[0160] Next, assuming N data {K₁, K₂, K₃, . . . K_(N)}, a functioncorresponding to data K_(i) is assumed to be π_(i). From this N πfunctions, the following two pairs of the functions f, g are considered.

f=π ₁ oπ ₂ oπ ₃ oooπ _(N)

g=π _(N) oπ _(N−1) oπ _(N−2) oooπ ₁

[0161] These two pairs of the functions f, g are obtained by computationon the n π functions sequentially. Therefore, f(M) and g(M) indicate aprocedure for conversion of data M and the converted data f (M) isinversely converted by the function g to introduce data M.

[0162] Therefore, it can be considered that the functions f, g are asingle encryption algorithm, so that it can be considered that thefunction f corresponds to encrypting of data and the function gcorresponds to decrypting of data.

[0163] If the computation order of N π functions or the value ofparameter K_(i) is changed, another encryption algorithm can beobtained.

[0164] The encryption algorithm of the same series mentioned in theaforementioned encryption algorithm conversion means an encryptionalgorithm obtained by changing an order of a part of the data conversionor assembling by changing the values of parameters for use. Hereinafter,the encryption algorithm of the same series is referred to as encryptionalgorithm of a different version.

[0165] If such encryption algorithm conversion is carried out, the keypossessed by the user is also converted corresponding to the convertedencryption algorithm.

[0166] Next, an outline of the encryption algorithm conversion operatedin network communication to which the present invention is applied willbe described with reference to FIG. 5.

[0167] Here, it is assumed that the transmission side user is U[A] andthe encryption algorithm operated by the U[A] is encryption algorithmEANG. On the other hand, it is assumed that the reception side user isU[B] and encryption algorithm operated by the U[B] is encryptionalgorithm EBF.

[0168] The encryption algorithm EANG and encryption algorithm EBF arestored in the network encryption algorithm control data base 590 of thekey management work station 500 by making the former correspond to theuser ID of the user U[A] and the latter correspond to the user ID of theuser U[B].

[0169] Further, it is assumed that a key for the key management workstation 500 to carry out cryptographic communication with the user U[A]based on the encryption algorithm EANG is K_(A) and a key for the keymanagement work station 500 to carry out cryptographic communicationwith the user U[B] based on encryption algorithm EBF is K_(B).

[0170] The key K_(A) is stored in the key structure control data base180 of the user U[A] and the key K_(B) is stored in the key structurecontrol data base 280 of the user U[B]. Further, the key K_(A) is storedin the network key management data base 580 of the key management workstation 500 with a correspondence to the user ID of the user U[A] andthe key K_(B) is stored therein with a correspondence to the user ID ofthe user U[B].

[0171] By taking a case where the user U[A] carries out cryptographiccommunication with the user U[B] under the above described environment,an outline of the encryption algorithm conversion to be operated in thisnetwork communication system will be described.

[0172] 1: The user U[A] specifies a reception side person by the user IDof the user U[B] by the cryptographic communication control function 150and sends “a request for session key issue” to the cryptographiccommunication control function 550 of the key management work station500.

[0173] 2: The “request for session key issue” is sent to the networkencryption algorithm control function 560 of the key management workstation 500. The network encryption algorithm control function 560retrieves in the network encryption algorithm data base 590 based on theuser ID of the user U[A] and user ID of the user U[B].

[0174] The encryption algorithm to be operated by the user U[A] isencryption algorithm EANG and the encryption algorithm to be operated bythe user U[B] is encryption algorithm EBF. Thus, it is determined thatthe same encryption algorithm is not shared and this result istransmitted to the cryptographic communication control function 550.

[0175] 3: Receiving this result, the cryptographic communication controlfunction 550 starts conversion of the encryption algorithm of the userU[B] from EBF to EANG.

[0176] First, the key L_(B) is generated to carry out cryptographiccommunication with the user U[B] with encryption algorithm EANG and“descramble function confirmation end” is specified in plain text dataMD.

[0177] Next, the encryption algorithm EANG and key L_(B) are encryptedby the encryption algorithm EBF and key K_(B) so as to create the cipherstatement EBF_(KB) (EANG) and EBF_(KB) (L_(B)).

[0178] Further, the plain text data MD is encrypted with the encryptionalgorithm EANG and key L_(B) so as to create the encrypted statementEANG_(LB) (MD). The aforementioned three encrypted statements arecreated by the scramble function 530 of the key management work station500.

[0179] These three encrypted statements are sent to the user U[B] as“encryption algorithm updating request”.

[0180] 4: The user U[B] receiving these three encrypted statementsEBF_(KB)(EANG), EBF_(KB)(L_(B)) and EANG_(LB)(MD) decrypts theseencrypted statements by the descramble function 240.

[0181] First, the encrypted statement EBF_(KB) (EANG) and encryptedstatement EBF_(KB)(L_(B)) are decrypted by the key K_(B) stored in thekey structure control data base 280 so as to obtain the encryptionalgorithm EANG and key L_(B).

[0182] The encryption algorithm control function 220 stores the obtainedencryption algorithm EANG in the encryption algorithm data base 290 andupdates the operating condition of the encryption algorithm from theencryption algorithm EBF to the encryption algorithm EANG. The keystructure control function 210 stores the obtained key L_(B) in the keystructure control data base 280.

[0183] In this manner, the encryption algorithm and key are updated.

[0184] Next, by using the updated encryption algorithm EANG and keyL_(B), the encrypted statement EANG_(LB) (MD) is decrypted so as toobtain a plain text data MD. It is confirmed that the obtained plaintext data MD is written as “descramble function confirmation isterminated” and then it is confirmed that the descramble function 240 bythe converted encryption algorithm EANG is operated properly.

[0185] 5: Next, the plain text data MS is written as “scramble functionconfirmation is terminated” and by operating the scramble function 230,the encrypted statement EANG_(LB) (MS) is created using the encryptionalgorithm EANG and key L_(B).

[0186] This created encrypted statement is distributed to the keymanagement work station 500 as the “encryption algorithm updatingreport”.

[0187] 6: Receiving the “encryption algorithm updating report”, the keymanagement work station 500 decrypts the encryption algorithm EANG andkey L_(B) so as to obtain the plain text data MS. It is confirmed thatthe obtained plain text data MS is written as “scramble functionconfirmation is terminated” and then it is confirmed that the scramblefunction 230 by the encryption algorithm EANG converted by the user U[B]is operated properly. As a result, it is confirmed that the encryptionalgorithm conversion, the scramble function 230 and descramble function240 for carrying out encrypting and decrypting are operated properly andthen the encryption algorithm conversion is terminated.

[0188] 7: As a result of the above procedure, the user U[A] and userU[B] become capable of sharing the same encryption algorithm EANG. Theusers U[A] and U[B] restart cryptographic communication and the keymanagement work station carries out “session key issue” based on thealgorithm EANG to the user U[A].

[0189] In the above description, the procedures for distribution of theencryption algorithm upon encryption, conversion of the key to beoperated and confirmation of the operation of the converted encryptionalgorithm have been described.

[0190] A detail of the encryption algorithm conversion has beendescribed. Here, an attention is paid to which the operating cipher ispublic key cipher or common key cipher and then, the encryptionalgorithm conversion (second embodiment of the present invention) in acase where the cryptographic communication system is constructed of thecommon key cipher will be described and secondly, the encryptionalgorithm conversion (third embodiment of the present invention) in acase where the cryptographic communication system is constructed ofpublic key cipher will be described. Because the basic composition ofthese embodiments is the same as the aforementioned first embodiment, inthe following description, mainly a different point therefrom will bestated and a detail of the encryption algorithm conversion of each casewill be described.

[0191] First, the second embodiment of the present invention will bedescribed with reference to FIGS. 6-10. Here, the encryption algorithmconversion in the cryptographic communication system constructed of thecommon key cipher will be described. That is, the encryption algorithmconversion in a case where the operating encryption algorithms A[1]-A[n]and B[1]-B[m] are all common key encryption algorithms in thecryptographic communication system of FIG. 1 will be described.

[0192] The cryptographic communication based on the common keyencryption algorithm will be described with reference to FIGS. 6 and 7.

[0193] As a presumption for carrying out cryptographic communication,user ID and a secret key as master key are allocated to each user usinginformation processing unit such as a personal computer from the keymanagement station 500. Then, the master key allocated to each user isregistered and controlled in the network key management data base 580 ofthe key management work station 500 with a correspondence to the userID. Likewise, the secret key P_(CID) is allocated to the key managementstation 500 as the master key.

[0194] This embodiment uses duplex encryption method in which theencryption algorithm of the scramble key k_(s) for use in dataencryption and the encryption algorithm of the session key for use indispatch of the descramble key K_(D) are composed of differentencryption algorithms, thereby intending to improve the security ascompared to the case where the same encryption algorithm is used. Inthis embodiment, it is assumed that the encryption algorithm foroperating the session key and master key uses the same encryptionalgorithm.

[0195] Hereinafter, by taking a case where cryptographic communicationis carried out from the user u[A] to the user U[B], a content of thecryptographic communication will be described.

[0196] (1) In case where the user U[A] carries out cryptographiccommunication with the user U[B], the user U[A] requests the keymanagement station 500 for issue of the session key. Here, it is assumedthat the user U[A] is a transmission side user and the user U[B] is areception side user. Receiving this session key issue request, thenetwork encryption algorithm control function 560 of the key managementwork station 500 retrieves in the network encryption algorithm data base590 and determines whether or not the encryption algorithm used by theuser U[A] is the same as that used by the user U[B].

[0197] (2) When it is determined that the user U[A] and user U[B] usethe same encryption algorithm, the network key management function 570of the key management work station 500 generates a session key P_(T)with that encryption algorithm. Next, the master key PID of thetransmission side user and the master key P_(YID) of the reception sideuser are fetched out from the network key management data base 580 and aplain text of the session key P_(T) is encrypted so as to create theencrypted statements E_(PID) (P_(T)), E_(PYID) (P_(T)). This encryptedstatement is transmitted to such an information processing unit as apersonal computer used by the transmission side user.

[0198] (3) In the personal computer for use by the transmission sideuser, the master key P_(ID) of that user controlling the computer isfetched out from the key structure control data base 180. Using thiskey, the transmitted session key encrypted is decrypted so as to obtainthe session key P_(T).

[0199] (4) On the other hand, receiving the data M input by the user,the scramble key k_(s) for encrypting this data M and descramble keyK_(D) for decrypting it are generated.

[0200] (5) Next, the data M input by the user is encrypted by thescramble key k_(s) so as to create an encrypted statement E_(ks)(M).Likewise, the descramble key K_(D) is encrypted with the session keyP_(T) so as to create the encrypted statement E_(PT) (k_(D)). These twoencrypted statements and the transmitted encrypted statementE_(PYID)(P_(T)) are transmitted to such information processing unit as apersonal computer for use by the reception side user.

[0201] (6) The personal computer of the reception side user fetches themaster key P_(YID) of this user from the key structure control data base280 and the encrypted session key E_(PYID)(P_(T)) by this key isdecrypted so as to obtain the session key P_(T). Next, the transmittedencrypted descramble key E_(PT)(K_(D)) is decrypted with the session keyP_(T) so as to obtain the descramble key K_(D).

[0202] Finally, the encrypted statement E_(ks) (M) of data transmittedwith this descramble key K_(D) is decrypted so as to obtain the data M.

[0203] If the network encryption algorithm control function of the keymanagement work station 500 determines that the user U[A] and user U[B]do not use the same encryption algorithm, it carries out conversion ofthe encryption algorithm of the user U[B] for the users U[A] and U[B] tobe able to operate the same encryption algorithm.

[0204] Next, the procedure for encryption algorithm conversion of thisembodiment will be described with reference to FIGS. 6, 8 and 9.

[0205] (1) If the network encryption algorithm control function 560receives a session key issue request containing user ID of thetransmission side user and user ID of the reception side user from thetransmission side user and retrieves in the network encryption algorithmdata base 590 with the transmitted user ID as a key, so as to grasp theoperating condition of the encryption algorithm operated by thetransmission side user and reception side user. As shown in FIG. 6, thecryptographic communication system applies duplex encryption method bythe common key cipher, so that two kinds of encryption algorithms, thatis, encryption algorithm for use in encrypting of data and encryptionalgorithm for use in operating the session key are used. If the twokinds of the encryption algorithms operated by the transmission sideuser and reception side user do not agree with each other, cryptographiccommunication between both the parties cannot be achieved.

[0206] If no coincidence occurs as a result of retrieval in the networkencryption algorithm data base 590, the encryption algorithm EANGoperated by the transmission side user is fetched out. The fetchedencryption algorithm is supplied with an identifier for identifyingwhether it will be used for encrypting of data or operating the sessionkey. If the two kinds of the encryption algorithms do not coincide witheach other, the two kinds of the encryption algorithms are fetched out.

[0207] Assuming that the encryption algorithm operated by the receptionside user is EBF, this encryption algorithm EBF is converted to theencryption algorithm EANG fetched out.

[0208] (2) The network key management function 570 of the key managementwork station 500 generates the session key P_(TA) with the encryptionalgorithm EBF prior to conversion and generates the session key P_(TB)with the encryption algorithm EANG after the conversion. If there is nochange in the algorithm for operating the session key, the P_(TA) isequal to the P_(TB). Next, the user ID key of the reception side user isretrieved in the network key management data base 580 and the master keyP_(YID) of the reception side user is fetched out.

[0209] If the encryption algorithm is converted, the key length of thekey to be used for cryptographic communication or bit length increasesor decreases. Therefore, in this case, it is demanded that a change ofthe key length of the encryption key is carried out with a conversion ofthe encryption algorithm.

[0210] Conversion of the encryption key accompanied by a conversion ofthe encryption algorithm will be described with reference to FIG. 10Aand FIG. 10B.

[0211] A case where the bit number of the key decreases is as follows.As shown in FIG. 10A, redundant bit numbers after the master key P_(YID)of the reception side user and after the master key P_(CID) of the keymanagement station 500 are deleted so as to obtain new master keyP_(YIDC) for the reception side user and master key P_(CIDC) for the keymanagement station 500.

[0212] On the other hand, a case where the bit number of the keyincreases is as follows. As shown in FIG. 10B, random numbers YR, CR aregenerated corresponding to short bit numbers, so that a new master keyP_(YIDC) (P_(YIDC)=P_(YID)∥YR) for the reception side user is obtainedby connecting a random number YR to the P_(YID) and a new master keyP_(CIDC) (C_(CIDC)=C_(CID)∥CR) for the network key management workstation 500 is obtained by connecting the random number CR to theP_(CID).

[0213] Because there is a possibility that the updated master keysP_(YIDC), P_(CIDC) of the users are equal to the master keys of theother users, by retrieving the network key management data base 580, itis confirmed if there is same master key or not and if there is a userof the same master key, a new master key of a required length isgenerated.

[0214] (3) The following encrypted statement is produced using theencryption algorithm EBF prior to conversion at the key management workstation 500.

[0215] 1: The session key P_(TA) is encrypted with the encryptionalgorithm EBF prior to conversion and master key P_(YID) so as to createthe encrypted statement EBF_(PYID) (P_(TA)).

[0216] 2: The encryption algorithm EANG is encrypted with the encryptionalgorithm EBF prior to the conversion and the session key P_(TA) so asto create the encrypted statement EBF_(PTA) (EANG).

[0217] 3: The master key P_(YIDC) of the reception side user after theconversion is encrypted with the encryption algorithm EBF prior to theconversion and session key P_(TA) so as to create the encryptedstatement EBF_(PTA) (P_(YIDC)). If there is no change in the master keyof the reception side user, this encrypted statement is not created.

[0218] (4) The following encrypted statement is created using theencryption algorithm EANG after the conversion at the key managementstation 500.

[0219] 1: The session key P_(T) to be operated by the encryptionalgorithm after the conversion is encrypted with the encryptionalgorithm EANG after the conversion and the master key P_(YIDC) of thereception side user after the conversion so as to create the encryptedstatement EANG_(PYIDC)(P_(TB)).

[0220] If there is no change in the encryption algorithm for operatingthe session key, this encrypted statement is the same as theEBF_(PYID)(P_(TA)).

[0221] 2. The session key P_(TB) to be operated by the encryptionalgorithm after the conversion with the encryption algorithm EANG afterthe conversion and the master key P_(CIDC) of the key management workstation 500 after the conversion has been encrypted so as to create theencrypted statement EANG_(PCIDC)(P_(TB)).

[0222] If there is no change in the encryption algorithm for operatingthe session key, this encrypted statement is the same as the encryptedstatement EBF_(PCID) (P_(TA)) produced by ciphering the session keyP_(TA) to be operated based on the encryption algorithm before theconversion with the encryption algorithm EBF before the conversion andthe master key P_(CID) of the key management work station 500 before theconversion.

[0223] 3: The plain text data MD is written as “confirmation ofdescramble function after algorithm conversion is terminated”.

[0224] A scramble key k_(SC) for encrypting plain text data MD and adescramble key K_(DC) for decrypting both with the encryption algorithmEANG after the conversion, are generated.

[0225] Next, the data MD is encrypted with the scramble key k_(SC) so asto create an encrypted statement E_(ksc) (MD). Likewise, the descramblekey K_(DC) is encrypted with the session key P_(TB) to be operated withthe encryption algorithm after the conversion so as to create theencrypted statement EANG_(PTB)(K_(DC)).

[0226] (5) At the key management work station 500, three encryptedstatements have been produced in the above (3), EBF_(PYID) (P_(TA)),EBF_(PTA)(EANG) and EBF_(PTA) (P_(YIDC)) and four encrypted statementshave been produced in the above (4) EANG_(PYIDC)(P_(TB)),EANG_(PCIDC)(P_(TB)), E_(ksC)(MD) AND EANG_(PTB)(K_(dc)). Thesestatements are sent to a reception side user as “encryption algorithmconversion request”. Here, the three encrypted statements produced inthe above (3) are information for converting the encryption algorithm ofthe reception side user and the four encrypted statements produced inthe above (4) are information for confirming whether or not theconverted encryption algorithm operates properly after the encryptionalgorithm is converted.

[0227] (6) After the encryption algorithm of the reception side user isconverted and the master key is updated, the reception side user isoperating the EBF as the encryption algorithm and possesses the P_(YID)as the mater key. From an encrypted statement transmitted from the keymanagement work station,

[0228] 1: the encrypted statement EBF_(PYID) (P_(TA)) is decrypted withthe P_(YID) as the master key so as to obtain the session key P_(TA).

[0229] 2: The encrypted statement EBF_(PTA) (EANG) is decrypted with thesession key P_(TA) so as to obtain the encryption algorithm EANG.

[0230] 3: The encrypted statement EBF_(PTA) (P_(YIDC)) is decrypted withthe session key P_(TA) so as to obtain the master key P_(YIDC).

[0231] In the above manner, the reception side user obtains theencryption algorithm EANG and master key P_(YIDC). Then, the obtainedencryption algorithm EANG is registered in the encryption algorithmcontrol data base 290 and the encryption algorithm to be operated by theencryption algorithm control function 220 is converted from EBF to EANG.

[0232] If the master key of a reception side user is updated, the masterkey is changed from P_(YID) to P_(YIDC) by the key structure controlfunction 210.

[0233] (7) The descramble function 240 is confirmed by the encryptionalgorithm converted by the reception side user.

[0234] The encrypted statement transmitted from the key management workstation 500 is decrypted by the descramble function 240 using theconverted encryption algorithm and it is confirmed that the descramblefunction 240 operates properly.

[0235] 1: The encrypted statement EANG_(PYIDC)(P_(TB)) is decrypted withP_(YIDC) as the master key so as to obtain the session key P_(TB).

[0236] 2: The encrypted statement EANG_(PTB) (k_(DC)) is decrypted withthe session key P_(TB) so as to obtain the descramble key k_(DC).

[0237] 3: The encrypted statement E_(ksc)(MD) is decrypted with thedescramble key k_(DC) so as to obtain a plain text data MD.

[0238] 4: It is confirmed that the plain text data MD is written as“confirming the descramble function after the algorithm conversion hasbeen terminated” and then it is confirmed that the descramble function240 operates properly.

[0239] (8) Driving the scramble function 230 using the convertedencryption algorithm of a reception side user

[0240] To confirm that the scramble function 230 using the convertedencryption algorithm operates properly, plain text data is set andencrypted by the scramble function 230 and then transmitted to the keymanagement work station 500.

[0241] 1: The plain text data MS is written as “algorithm conversionconfirmation test is terminated”. A scramble key K_(su) for encryptingthis plain text data MS with the encryption algorithm EANG after theconversion and a descramble key K_(du) for decrypting are generated.Next, the data MS is encrypted with the scramble key k_(su) so as toproduce an encrypted statement EANG_(ksu)(MS). Likewise, the descramblekey K_(du) is encrypted with the obtained session key P_(TB) so as tocreate the encrypted statement EANG_(PTB) (k_(Du)).

[0242] 2: Produced two encrypted statements EANG_(PTB)(k_(DU)) andEANG_(ksu) (MS) and an encrypted statement EANG_(PCIDC)(P_(TB))transmitted from the key management work station 500 are returned to thekey management work station 500 as “encryption algorithm conversionconfirmation request”.

[0243] (9) Confirmation of encryption algorithm conversion at the keymanagement work station 500

[0244] The encrypted statement returned from the reception side user isdecrypted so as to confirm that the scramble function 230 for theconverted encryption algorithm of the reception side user operatesproperly. Then, it is confirmed that the encryption algorithm after theconversion operates properly.

[0245] 1: The encrypted statement EANG_(PCIDC)(P_(TB)) is decrypted withthe master key P_(CIDC) of the key management work station 500 so as toobtain the session key P_(TB).

[0246] 2: The encrypted statement EANG_(PTB) (K_(DU)) is decrypted withthe session key P_(TB) so as to obtain the descramble key K_(DU).

[0247] 3: The encrypted statement E_(ksu)(MS) is decrypted with thedescramble key k_(Du) so as to obtain a plain text data MS.

[0248] 4: It is confirmed that the obtained plain text data MS iswritten as “algorithm conversion confirmation test is terminated” and itis confirmed that the scramble function 230 of a reception side useroperates properly. Then, it is confirmed that the encryption algorithmafter the conversion operates properly.

[0249] In the network communication system in which the common keycipher is operated, the algorithm conversion can be carried out.

[0250] As a result of this algorithm conversion, it comes that the userU[A] and user U[B] share the same encryption algorithm. As a result, theuser U[A] and user U[B] are enabled to carry out cryptographiccommunication by the steps shown in FIG. 7.

[0251] In this embodiment, in case where the user U[A] and user U[B]possess an encryption algorithm of the same series having the sameintensity or having a different intensity, it is possible to convert toan encryption algorithm having a high intensity by the networkencryption algorithm control function 560.

[0252] In this case, if the user U[A] has an encryption algorithm havinga higher intensity than the user U[B], the encryption algorithm of theuser U[B] is converted to an encryption algorithm of the user U[A].Conversely if the encryption algorithm of the user U[B] has a higherintensity, the encryption algorithm of the user U[A] is converted tothat of the user U[B]. This algorithm conversion can be carried out inthe same procedures as shown in FIGS. 6, 8 and 9.

[0253] Next, a case in which the security is improved by raising theencryption intensity of an encryption algorithm controlled by the keymanagement work station 500 or by changing the encryption algorithmversion without changing the encryption intensity will be described.

[0254] As shown in FIG. 1, the encryption algorithms A[1]-A[n] areencryption algorithms controlled by the key management work station 500of the same A cipher series and the key management work station 500 hasa function for generating this encryption algorithm. By changing theencryption algorithm, it is possible to change the encryption intensityor procedure for encryption computation. As compared to use of the sameencryption algorithm, the security of the cryptographic communicationsystem can be improved.

[0255] The user ID of a user operating the same A series encryptionalgorithm is U[Ai, j] and the key management work station 500 selects auser which changes the encryption algorithm from these users. Then, byusing the function for generating the encryption algorithm, a newencryption algorithm is generated and the newly generated encryptionalgorithm is distributed to a user determined to change the encryptionalgorithm.

[0256] This distribution can be carried out in the same manner as theabove described algorithm conversion of the encryption algorithm.

[0257] Cases for distributing an encryption algorithm of a differentversion and an encryption algorithm having a different encryptionintensity have been described above.

[0258] The encryption algorithm of each user is converted to anencryption algorithm distributed thereto. The encryption algorithmbefore the conversion is not deleted but stored in the encryptionalgorithm data base 190, 290 of each user. The key management workstation 500 controls the encryption algorithm stored in the encryptionalgorithm data base 190, 290 of each user by using the networkencryption algorithm control data base 590.

[0259] Consequently, in case when a request for cryptographiccommunication from the user U[A] to the user U[B] occurs, if a commonencryption algorithm exists in the encryption algorithm data bases 190,290 of both the users, the key management work station 500 does not haveto distribute any encryption algorithm. If the key management workstation 500 dispatches an instruction for changing over to the commonencryption algorithm, the cryptographic communication from the user U[A]to the user U[B] is enabled.

[0260] The encryption algorithm conversion of a case when thecryptographic communication system is composed of common key ciphers hasbeen described above.

[0261] A third embodiment of the present invention will be describedwith reference to FIGS. 11-15. Here, encryption algorithm conversion ofa network communication system in which a public key cipher is operatedor a case where the cryptographic communication system is composed ofthe public key cipher will be described.

[0262] In the network communication system shown in FIG. 1, it isassumed that all the encryption algorithms A[1]-A[n], B[1]-B[m] to beoperated are public key cipher algorithms.

[0263] Cryptographic communication by the public key cipher algorithmwill be described with reference to FIG. 12.

[0264] As the public key cipher algorithm, for example, elliptical curvecipher algorithm is applicable. It is assumed that a base point of anelliptical curve necessary for describing computation of this ellipticalcurve cipher key is P. The elliptical curve cipher has been stated infor example, “Quick Encryption Method Using Elliptical Curve” by KazuoTakaragi and Hiroyuki Kurumaya, in Technical Report of IEICE ISEC97-15(1997-07).

[0265] In case when cryptographic communication is carried out, an issueof the session key is received from the network key management function570 of the key management work station 500, data received based on thiskey is encrypted so as to create an encrypted statement and thentransmitted to the descramble function 240 of a personal computer of areception side user.

[0266] The descramble function 240 decrypts the transmitted encryptedstatement so as to obtain data.

[0267] As a presumption for operating the cryptographic communicationprocessing portion, a user ID, a secret key d_(ID) as a master key and apublic key Q_(ID) (=P·d_(ID): · is computation on elliptical curve)corresponding to this secret key are allocated by the key managementwork station 500 to each user using such information processing unit asa personal computer. The public key Q_(ID) allocated to user isregistered and controlled in the network key management data base 580 ofthe key management work station 500 with a correspondence to the userID. Likewise, a secret key d_(C) as the mater key and a public key Q_(C)(=P·d_(c): · is computation on elliptical curve) corresponding to thissecret key are allocated to the key management work station 500. Thepublic key Q_(C) of the key management work station 500 is open to allusers of this system.

[0268] According to this embodiment, data encryption is carried out withthe scramble key K_(S) and data decrypting is carried out with thedescramble key K_(D). Distribution of this descramble key K_(D) iscarried out by the elliptical curve cipher which is a public key cipher.As a common key encryption algorithm for operating the scramble keyK_(s), descramble key K_(D), for example, MULTI2 encryption algorithmcan be used. The MULTI2 encryption algorithm (Hitachi, “MULTI2”,Registration of cryptographic algorithm, ISO9979/0009, NCC, UK (1994))is an encryption algorithm which has achieved actual performance in forexample, CS digital broadcasting (digital broadcasting usingcommunication satellite).

[0269] Hereinafter, a case where cryptographic communication is carriedout from the user U[A] to the user U[B] will be described. It is assumedthat the user U[A] is transmission side user and the user U[B] isreception side user.

[0270] (1) Upon cryptographic communication from the user U[A] to theuser U[B], the user U[A] requests the key management work station 500for session key issue. Receiving this session key issue request, thenetwork encryption algorithm control function 560 of the key managementwork station 500 retrieves in the network encryption algorithm data base590 so as to determine whether or not the encryption algorithm used bythe user U[A] is equal to the encryption algorithm used by the userU[B].

[0271] (2) If it is determined that the user U[A] and user U[B] use thesame encryption algorithm, the network key management function 570 ofthe key management work station 500 retrieves in the network keymanagement data base 580 with the user ID as a key and fetches out apublic key Q_(YID) corresponding to a master key of a reception sideuser and a public key Q_(ID) corresponding to a master key of thetransmission side user.

[0272] Signature producing computation is carried out with the secretkey d_(c) which is the master key of the key management work station 500to the fetched out public key Q_(YID) and public key Q_(ID) so as tocreate signature data S_(dc) (Q_(YID)) and signature data Sdc(Q_(ID)).With this public key Q_(YID) as a session key, the signature data S_(dc)(Q_(YID)) and signature data S_(dc) (Q_(ID)) are transmitted incombination to the transmission side user so as to issue the sessionkey.

[0273] (3) A user receiving the public key Q_(YID), signature dataS_(dc)(Q_(YID)) and signature data S_(dc)(Q_(ID)) carries out signatureverifying computation on the signature data S_(dc)(Q_(YID)) and Q_(YID)using the public key Q_(C) of the key management work station 500 so asto confirm that the public key Q_(YID) is a key transmitted from aproper key management work station 500 and a key allocated to a properreception side user intended to communicate with.

[0274] In this manner, the transmission side user receives an issue of apublic key for use as a session key.

[0275] (4) The transmission side user generates the scramble key K_(s)for encrypting data M to be transmitted and the descramble key K_(D) fordecrypting.

[0276] Next, the data M inputted by the user is encrypted with thescramble key K_(s) so as to create an encrypted statement E_(Ks) (M).

[0277] Further, the descramble key K_(D) is encrypted with thetransmitted public key Q_(YID) as a session key so as to generate anencrypted descramble key E_(QYID) (K_(D)).

[0278] To guarantee that the data M to be transmitted has been createdby the transmission side user, signature producing computation iscarried out to the data M to be transmitted with the secret key d_(ID)as a master key allocated to the transmission side user from the keymanagement work station 500 and the signature data S_(dID) (M) isproduced.

[0279] In case of public key cipher, the transmitted key Q_(YID) can beused as an encryption key as it is.

[0280] Five data, that is, two encrypted statements E_(KS)(M) andE_(QYID)(K_(D)), signature data S_(dID)(M) about the data M, signaturedata S_(dc) (Q_(ID)) about a public key of transmission side usertransmitted from the key management work station 500, and public keyQ_(ID) of the transmission side user are sent to the reception sideuser.

[0281] (5) Receiving the five data, the reception side user carries outsignature verifying computation on the signature data S_(dc)(Q_(ID)) andQ_(ID) using the public key Qc of the key management work station 500,so as to confirm that the public key Q_(ID) has been transmitted from aproper key management work station 500, thereby ensuring that that keyis a public key allocated to the transmission side user properly.

[0282] Then, the encrypted descramble key E_(QYID) (K_(D)) is decryptedwith the secret key d_(YID) as a master key which is allocated to thereception side user from the key management work station 500 so as toobtain the descramble key K_(D).

[0283] Next, the encrypted statement E_(Ks)(M) is decrypted with thisdescramble key K_(D) so as to obtain the data M.

[0284] Finally, signature verifying computation is carried out on thesignature data S_(dID) (M) and data M with the public key Q_(ID)transmitted from the transmission side user so as to ensure that thedata M is data transmitted from a proper transmission side user.

[0285] Consequently, in the network communication system, the user U[A]is capable of carrying out cryptographic communication with the userU[B].

[0286] On the other hand, if the encryption algorithm control functiondetermines that the user U[A] and user U[B] don't use the sameencryption algorithm, it converts the encryption algorithm of the userU[B] for both the users U[A] and U[B] to be able to use the sameencryption algorithm.

[0287] Encryption algorithm conversion in a network communication systemoperating the public key encryption algorithm will be described withreference to FIGS. 11, 13 and 14.

[0288] (1) Receiving a session key issue request containing the user IDof the transmission side user and user ID of the reception side userfrom the transmission side user, the network encryption algorithmcontrol function 560 retrieves in the network encryption algorithmcontrol data base 590 with a transmitted user ID as a key and grasps acondition of the encryption algorithm operated by the transmission sideuser and reception side user. As shown in FIG. 11, the networkcommunication system employs cryptographic communication system based onduplex encryption method. A common key encryption algorithm is used fordata encryption and a public key encryption algorithm is used foroperating the session key.

[0289] Unless two kinds of the encryption algorithms operated by thetransmission side user and reception side user agree, cryptographiccommunication between the both cannot be carried out.

[0290] If the two kinds of the encryption algorithms do not agree as aresult of querying on the network encryption algorithm management database 590, the encryption algorithm EANG operated by the transmissionside user is fetched out. The fetched encryption algorithm is suppliedwith an identifier for indicating whether it is used for data encryptionor operation of the session key. Of course, if each of the two kinds ofthe encryption algorithms does not agree, the two kinds of theencryption algorithms are fetched out.

[0291] Assuming that the encryption algorithm operated by the receptionside user is EBF, the encryption algorithm is converted from thisencryption algorithm EBF to the fetched out encryption algorithm EANG.

[0292] (2) The network key management function 570 of the key managementwork station 500, with the user ID as a key, retrieves in the networkkey management data base 580 and fetches out a public key Q_(YID)corresponding to a master key of a reception side user for theencryption algorithm EBF before the conversion.

[0293] In case where the encryption algorithm is changed to theencryption algorithm EANG, there is a possibility that the master keycannot be used under the encryption algorithm EBF before the conversionof the reception side user. In this case, the network key managementfunction 570 determines whether the master key of the reception sideuser is compatible for conversion of the encryption algorithm and if itis determined that there is no compatibility, a new public key isgenerated for the reception side user.

[0294] As the new master key, the secret key d_(YIDC) is generated and apublic key QYIDC corresponding to this secret key is generated.

[0295] In the key management work station, both the encryption algorithmEBF before the conversion and encryption algorithm EANG after theconversion are supplied with a corresponding master key.

[0296] A secret key as a master key corresponding to the encryptionalgorithm EBF before the conversion is d_(c) and a public keycorresponding to this secret key is Q_(c).

[0297] It is assumed that the secret key which is a master key suitablefor the encryption algorithm EANG after conversion is d_(cc) and apublic key corresponding to this secret key is Q_(CG).

[0298] (3) The network key management function 570 creates the followingencrypted statement and signature data using the encryption algorithmEBF prior to the conversion.

[0299] 1: A scramble key K_(SB) for encrypting the encryption algorithmEANG and secret key d_(YIDC) with the encryption algorithm EBF prior tothe conversion and a descramble key K_(DB) for decrypting are generated.

[0300] 2: The encryption algorithm EANG and secret key d_(YIDC) isencrypted with the scramble key K_(SB) so as to create the encryptedstatement EBF_(KSB) (EANG) and encrypted statement EBF_(KSB) (d_(YIDC)).Further, the descramble key K_(DB) is encrypted with the fetched publickey Q_(YID) as a master key so as to create the encrypted statementEBF_(QYID)(K_(DB)).

[0301] 3: Signature producing computation is carried out on thegenerated secret key D_(YIDC) and public key Q_(YIDC) with theencryption algorithm EBF prior to the conversion and the secret keyd_(c) which is a master key of the key management work station 500, soas to create the signature data Sdc(d_(YIDC)) and signature dataS_(dc)(Q_(YIDC)).

[0302] 4: Signature producing computation is carried out on theencryption algorithm EANG with the encryption algorithm EBF prior to theconversion and the secret key d_(c) which is a master key of the keymanagement work station 500, so as to create signature data S_(dc)(EANG).

[0303] 5: Signature producing computation is carried out on the publickey Q_(CG) which is a master key of the key management work station 500to be applied to the encryption algorithm EANG after the conversion,with the encryption algorithm EBF prior to the conversion and the secretkey d_(c) which is a master key of the key management work station 500,so as to create signature data S_(dc) (Q_(CG)).

[0304] (4) The scramble function 530 creates the following encryptedstatement and signature data using the encryption algorithm EANG afterthe conversion.

[0305] 1: The plain text data MD is written as “confirmation ofdescramble function after algorithm conversion is terminated”.

[0306] A scramble key K_(SC) for encrypting the plain text data MD withthe encryption algorithm EANG after the conversion and a descramble keyK_(DC) for decrypting are generated. Next, the data MD is encrypted withthe scramble key K_(SC) so as to create the encrypted statementEANG_(KSC) (MD) and then the descramble key K_(DC) is encrypted with thepublic key Q_(YIDC) to be operated as a session key in the encryptionalgorithm after the conversion, so as to create the encrypted statementEANG_(QYIDC)(K_(DC)).

[0307] 2: Signature producing computation is carried out on thegenerated public key Q_(YIDC) and plain text data MD with the secret keyd_(cg) allocated as a master key of the key management work station 500with the encryption algorithm EANG after the conversion, so as to createsignature data S_(dcg)(Q_(YIDC)) and S_(dcg)(MD).

[0308] (5) The three encrypted statements EBF_(QYID)(K_(DB)),EBF_(KSB)(EANG), EBF_(KSB)(d_(YIDC)) produced in the above (3), foursignature data S_(dc)(d_(YIDC)), S_(dc)(Q_(YIDC)), S_(dc)(EANG) andS_(dc)(Q_(CG)), newly generated public key Q_(YIDC), public key Q_(CG)of the key management work station 500, the two encrypted statementsEANG_(KSC)(MD), EANG_(QYIDC)(K_(DC)) produced in the above (4), and twosignature data S_(dcg)(Q_(YIDC)), S_(dcg)(MD) are transmitted to areception side user as “encryption algorithm conversion request”. Here,the encrypted statement and signature data produced in the above (3) areinformation for converting the encryption algorithm of the receptionside user and the four encrypted statements and signature data producedin the above (4) are information for recognizing whether or not theconverted encryption algorithm functions properly after that encryptionalgorithm is converted.

[0309] The network key management function 570 stores the generatedpublic key Q_(YIDC) which is a master key of the reception side user inthe network key management data base 580 with a correspondence to theencryption algorithm EANG.

[0310] (6) Conversion of the encryption algorithm of the reception sideuser and updating its master key

[0311] The reception side user operates EBF as the encryption algorithmand possesses the secret key d_(YID) as its master key and the publickey Q_(c) of the key management work station 500 to be operated by theencryption algorithm EBF.

[0312] From the encrypted statement transmitted from the key managementwork station 500.

[0313] 1: The encrypted statement EBF_(QYID) (K_(DB)) is decrypted withthe secret key d_(YID) as the master key so as to obtain the descramblekey K_(DB). Next, the encrypted statement EBF_(KSB)(EANG) is decryptedwith this descramble key K_(DB) so as to obtain the encryption algorithmEANG. Signature verifying computation is carried out on the signaturedata S_(dc)(EANG) and the obtained encryption algorithm EANG with thepublic key Q_(C) of the key management work station 500 so as to ensurethat the obtained encryption algorithm EANG has been transmitted from aproper key management work station 500.

[0314] 2: The encrypted statement EBF_(KSB) (d_(YIDC)) is decryptedusing the descramble key K_(DB) and then a secret key d_(YIDC) isobtained as a master key of a given user to be operated on the convertedencryption algorithm EANG.

[0315] Using the public key Q_(C) of the key management work station500, signature verifying computation is carried out on the signaturedata S_(dc)(d_(YIDC)) and the obtained secret key d_(YIDC), so as todetermine whether or not the obtained secret key d_(YIDC) has beentransmitted from a proper key management work station 500. Likewise,signature verifying computation is carried out on the signature dataS_(dc)(Q_(YIDC)) and the public key Q_(YIDC) which is a transmittedmaster key using the public key Q_(C) of the key management work station500 so as to determine that the obtained public key Q_(YIDC) has beentransmitted from a proper key management work station 500.

[0316] 3: Signature verifying computation is carried out on thesignature data S_(dc)(Q_(CG)) and the public key Q_(CG) to be operatedon the transmitted encryption algorithm EANG converted of the keymanagement work station 500, using the public key Q_(C) of the keymanagement work station 500, so as to determine whether or not thetransmitted public key Q_(CG) is a public key sent from a proper keymanagement work station 500.

[0317] In this manner, the reception side user obtains the encryptionalgorithm EANG, a secret key d_(YIDC) as a master key, a public keyQ_(YIDC) corresponding to this secret key, and a public key Q_(CG) to beoperated on the converted encryption algorithm EANG of the keymanagement work station 500. Then, the obtained encryption algorithmEANG is registered in the encryption algorithm control data base 290 andthe encryption algorithm to be operated by the encryption algorithmcontrol function 220 is converted from the encryption algorithm EBF tothe encryption algorithm EANG.

[0318] If the master key of a reception side user is changed, the secretkey as the master key is updated from d_(YID) to d_(YIDC) by the keystructure control function 210.

[0319] (7) Confirmation of the descramble function 240 by the convertedencryption algorithm of a reception side user

[0320] An encrypted statement transmitted from the key management workstation 500 is decrypted by the descramble function 240 using aconverted encryption algorithm so as to determine whether or not thedescramble function 240 operates properly.

[0321] 1: The encrypted statement EANG_(QYIDC) (K_(DC)) is decryptedusing the secret key d_(YIDC) as a master key so as to obtain thedescramble key K_(DC).

[0322] 2: The encrypted statement EANG_(KSC) (MD) is decrypted with thedescramble key K_(DC) so as to obtain a plain text data MD. Next,signature verifying computation is carried out on the signature dataS_(dcg)(MD) and the obtained plain text data MD using the public keyQ_(CG) of the key management work station 500, so as to determine thatthe obtained plain text data MD has been transmitted from a proper keymanagement work station 500.

[0323] 3: It is confirmed that the plain text data MD is “confirmationof the descramble function after algorithm conversion is terminated”.Then, it is confirmed that the descramble function 240 operatesproperly.

[0324] (8) Driving the scramble function by the converted encryptionalgorithm at a reception side user

[0325] To ensure that the scramble function 230 of the convertedencryption algorithm operates properly, plain text data is set up,encrypted by the scramble function 230 and transmitted to the keymanagement work station 500.

[0326] 1: The plain text data MS is written as “algorithm conversionconfirmation test is terminated”. The scramble key K_(su) for encryptingthe aforementioned plain text data MS and the descramble key K_(DU) fordecrypting are generated with the encryption algorithm EANG after theconversion. Next, the plain text data MS is encrypted by the scramblekey K_(SU) so as to create an encrypted statement EANG_(KSU) (MS).Likewise, the descramble key K_(DU) is encrypted with the public keyQ_(CG) of the key management work station 500 so as to create theencrypted statement EANG_(QCG)(K_(DU)). Further, signature producingcomputation is carried out on the data MS using the secret key d_(YIDC)as a master key of a reception side user so as to produce the signaturedata S_(dYIDC) (MS).

[0327] 2: Two produced encrypted statements EANG_(QCG) (K_(DU)),EANG_(KSU)(MS), signature data S_(dYIDC)(MS), signature data S_(dcg)(Q_(YIDC)) transmitted from the key management work station 500, andpublic key Q_(YIDC) of a reception side user are returned to the keymanagement work station 500 as “encryption algorithm conversionconfirmation request”.

[0328] (9) Confirmation of the encryption algorithm conversion at thekey management work station 500

[0329] An encrypted statement returned from the reception side user isdecrypted so as to confirm that the scramble function 230 using theconverted encryption algorithm of the reception side user operatesproperly. Then, it is confirmed that the encryption algorithm after theconversion operates properly.

[0330] 1: The encrypted statement EANG_(QCG)(K_(DU)) is decrypted withthe secret key d_(cg) as a master key of the key management work station500 so as to obtain the descramble key K_(DU).

[0331] 2: The encrypted statement EANG_(ksu)(MS) is decrypted with thedescramble key K_(DU) so as to obtain plain text data MS.

[0332] 3: Signature verifying computation is carried out on thesignature data S_(dcg)(Q_(YIDC)) and the transmitted public key Q_(YIDC)of the reception side user using the public key Q_(cg) of the keymanagement work station 500, so as to confirm that the transmittedpublic key Q_(YIDC) of the reception side user has been transmitted froma proper reception side user.

[0333] 4: Signature verifying computation is carried out on thesignature data S_(dYIDC) (MS) and obtained plain text data MS, using thepublic key Q_(YIDC) of a reception side user, so as to confirm that theobtained plain text data MS has been transmitted from a proper receptionside user.

[0334] 5: It is confirmed that the obtained plain text data MS is“algorithm conversion confirmation test is terminated” and then it isconfirmed that the scramble function 230 of the reception side useroperates properly. Then, it is confirmed that the encryption algorithmafter the conversion operates properly.

[0335] The examples of the algorithm conversion of this embodiment havebeen described in the above (1)-(9). By this encryption algorithmconversion, it comes that the user U[A] and user U[B] share the sameencryption algorithm. Consequently, as shown in FIG. 12, cryptographiccommunication between the user U[A] and user U[B] is enabled.

[0336] In case when an encryption algorithm is converted, in thisembodiment, the secret key as a master key possessed by user and apublic key corresponding to this secret key are generated at the keymanagement work station.

[0337] Although these keys may be generated newly, it is possible togenerate them based on the keys prior to the conversion. The generationof the key will be described below.

[0338] In case of public key cipher also, the key length of the secretkey for use in the cryptographic communication, or bit number isincreased or decreased by the encryption algorithm conversion like thecase of the common key cipher.

[0339] To reduce the bit number of the key, redundant bit number of arear part of the secret key d_(YID) as a master key prior to theconversion of a reception side user is deleted and this is used as thesecret key d_(YIDC) as a new master key of the reception side user.

[0340] To prolong the bit number of the key, as shown in FIG. 15, arandom number YR is generated corresponding to a short bit number andthe YR is connected to d_(PYID) so as to obtain the secret key d_(YIDC)(d_(YIDC)=P_(YIDC)∥YR) as a new master key of a reception side user. Apublic key Q_(YIDC) (=P·d_(YIDC); · is computation on an ellipticalcurve) is determined corresponding to the generated secret key d_(YIDC).

[0341] Because there is a possibility that this public key Q_(YIDC) is asecret key of other user generated previously, the key management workstation 500 retrieves in the network encryption algorithm control database 590 so as to confirm that there is no same public key. If the samepublic key exists, a random number is generated again so as to generatea secret key as a master key.

[0342] Here, it is always possible to use 0 as YR.

[0343] As described, the encryption algorithm for operating the masterkey and session key employs an elliptical curve encryption algorithmwhich is different from the common key encryption algorithm. As aresult, duplex encryption method is constructed so as to improve thesecurity.

[0344] Next, a configuration of a case where the elliptical curve cipheris used as a public key cipher in the network communication system ofthe present invention will be described. The software function of thecase where the public key cipher is used is the same as the softwarefunction of the common key cipher shown in FIG. 2. As shown in anexample of a case where the aforementioned public key encryptionalgorithm is used, the master key of each user is the secret key d_(ID)and this secret key corresponds to a public key Q_(ID) (=d_(ID)·P: · iscomputation on elliptical curve) on computation of an elliptical curve.The encryption algorithm of the scramble key and descramble key isMULTI2 encryption algorithm as the common key encryption algorithm.

[0345] A fourth embodiment of the present invention will be described.Encryption algorithm conversion in encryption function incorporated in aportable information processing unit will be described here.

[0346] In the above described first-third embodiments, a plurality ofencryption algorithms exist in network communication system as shown inFIG. 1. The key management work station 500 grasps a condition of theencryption algorithm of each user and each time when a request forcryptographic communication occurs, it converts the encryption algorithmof each user as required so as to achieve the cryptographiccommunication between users.

[0347] Recently, an encryption function has been incorporated in aportable information processing unit, for example, portable terminalunit, IC card and the like and it is used for automatic payment ofelectronic money.

[0348] In case where user possesses an IC card as information processingunit in which an encryption function is incorporated and executesautomatic payment of electronic money, this IC card is inserted into areader which is an information processing unit installed on a retailercounter or the like, so that the payment is carried out by informationprocessing between the both.

[0349] In this case, if the IC card is connected to the key managementwork station to carry out encryption processing, a user's procedurebecomes complicated so that he or she feels a lot of inconvenience.

[0350] Hereinafter, an encryption algorithm conversion method preferablefor encryption algorithm conversion to be operated in a portableinformation processing unit (terminal, IC card and the like) will bedescribed.

[0351] If cryptographic communication is carried out in an cryptographiccommunication system operated by the public key encryption algorithmshown in FIG. 12, a transmission side user makes a “session key issuerequest” to the key management work station 500 as shown in FIG. 2 andreceives a public key Q_(YID) of a reception side user, signature dataS_(dc)(Q_(YID) ) of the public key_(YID), its own public key Q_(ID) andsignature data S_(dc)(Q_(ID)) of that public key Q_(ID) from the keymanagement work station 500.

[0352] Here, each user stores its own public key Q_(ID) and signaturedata S_(dc)(Q_(ID)) in the key structure control data base 180, 280.FIG. 16 shows cryptographic communication system operated by the publickey encryption algorithm (FIG. 25 shows the functional blocks of thismethod). Each user receives its own public key Q_(ID) and signature dataS_(dc)(Q_(ID)) of that public key Q_(ID) from the key management workstation 500 through a route indicated by dotted line of FIG. 16 andpossesses it in the key structure control data base of each user. Inthis case, the “session key issue request” for executing cryptographiccommunication may be made to a reception side user, but not to the keymanagement work station 500.

[0353] That is, the “session key issue request” is sent to the receptionside user and then, a public key Q_(YID) of that reception side user andsignature data S_(dc)(Q_(YID)) of this public key are received from thereception side user.

[0354] In the method shown in FIG. 16, it can be considered that thesecret key d_(ID) as a master key to be allocated to each user isgenerated by the key management work station 500 or each user.

[0355] 1: Method in which the secret key is generated by the keymanagement work station 500

[0356] If the secret key d_(ID) as a master key and a correspondingpublic key Q_(ID) are generated by the key management work station 500,user not accustomed to operation of the encryption algorithm feels veryconvenient.

[0357] However, how the generated secret key is distributed to each useris a problem.

[0358] In this embodiment, it is stored in such an electronic medium asan IC card and floppy disk and distributed to each user.

[0359] As a result, it is made possible for the key management workstation 500 to hold the generated secret key d_(ID) and for the keymanagement work station 500 to decrypt data encrypted with the publickey Q_(ID) corresponding to the user. Because the key management workstation 500 prevents grasping of user's information, according to thisembodiment, the generated secret key d_(ID) is provided with a keyrecovery function and stored in the network key structure data base 580with a correspondence to user ID, thereby disabling user to decrypt acipher text generated by user except when an unexpected event occurs.

[0360] Hereinafter, the key recovery function of this embodiment will bedescribed by taking cryptographic communication in which the key hasduplex hierarchical structure as an example. The key recovery functionadds information about decryption to an encrypted statement E_(KS)(M)and is capable of decrypting the encrypted statement without thedescramble key K_(D).

[0361] First, the key recovery function in cryptographic communicationbased on common key encryption algorithm will be described. That is,data to be transmitted by the user is assumed to be M. The data isencrypted with the scramble key K_(s) generated by the portableinformation processing unit so as to generate the encrypted statementE_(KS)(M). The descramble key K_(D) for decrypting this encryptedstatement is encrypted with the session key P_(T) transmitted from thekey management work station 500, so as to generate an encryptedstatement E_(PT)(K_(D)).

[0362] First, a procedure for producing additional data for providingwith the key recovery function when data is encrypted with the scramblekey K_(S) will be described with reference to FIG. 23.

[0363] (1) A random number is generated when the scramble key K_(s) isgenerated and the scramble key is expressed as K_(s)=K1 XOR K2 byexclusive OR between K1 and K2 (XOR is indicated by direct sum symbol inthe Figure).

[0364] (2) P1, P2 are used as a key for key recovery and stored with thekey recovery function of the portable information processing unit andkey management work station 500. K1, K2 generated for generating thescramble keys K_(s) are encrypted with the keys P1, P2 for key recoveryso as to produce encrypted statements E_(p1)(K1), E_(P2)(K2). This datais added to the encrypted statement E_(KS) (M) of data produced with thescramble key K_(s).

[0365] Next, a procedure for decrypting the encrypted statement withthis additional data will be described with reference to FIG. 24.

[0366] (1) Data E_(p1) (K1), E_(p2)(K2) added from the encryptedstatement are separated from each other and then K1, K2 are decryptedwith the keys P1, P2 for key recovery.

[0367] (2) An exclusive OR between K1 and K2 is obtained and withK_(s)=K1 XOR K2, the scramble key K_(S) is generated. In case of commonkey cipher, the scramble key K_(s) and descramble key K_(D) are thesame. The encrypted statement can be decrypted with this scramble keyK_(s).

[0368] If a necessity of decrypting the encrypted statement occursbecause an unexpected event is generated, the encrypted statement istransmitted to the key management work station 500. Consequently, theencrypted statement can be decrypted with the keys P1, P2 for keyrecovery in the aforementioned procedure.

[0369] Next, the key recovery function in the cryptographiccommunication based on the public key encryption algorithm will bedescribed. It is assumed that the scramble keys for use in encryption ofthe data M are K_(s) and the descramble keys are K_(D) and the publickey as a session key for distributing the descramble key is Q_(YID).Cryptographic communication is carried out by transmission of theencrypted statement E_(KS) (M) and encrypted descramble key E_(QYID)(K_(D)).

[0370] Here, a case where elliptical curve cipher is used as a publickey cipher will be described. The elliptical curve cipher has beendescribed in for example, “Quick Encryption Method Using EllipticalCurve” by Kazuo Takaragi and Hiroyuki Kurumatani, Technical Report ofIEICE ISEC97-15(1997-07).

[0371] First, key recovery function in which a threshold value logic isadded to encrypted descramble key E_(QYID)(K_(D)) will be described.

[0372] (1) In the key recovery function of the key management workstation 500, the public keys for key recovery Q_(A), Q_(b), Q_(c) areallocated and publicized and secret keys d_(A), d_(B), d_(c)(Q_(A)=d_(A)·P, Q_(B)=d_(B)·P, Q_(C)=d_(C)·P) corresponding to thepublic keys are stored. A threshold value logic computed by the keysQ_(YID), Q_(A), Q_(B), Q_(C) is added to the encrypted descramble keyE_(QYID)(K_(D)).

[0373] (2) Like the case where the common key cipher is used, uponcryptographic communication, data cannot be encrypted with the scramblekey K_(s) until the descramble key K_(D) is encrypted. The encryptedstatement E_(KS)(M) of data and the encrypted descramble keyE_(QYID)(K_(D)) are always generated in pair.

[0374] (3) If a necessity of decrypting an encrypted statement occursbecause an unexpected event is generated, the encrypted statementsE_(KS)(M) and E_(QYID)(K_(D)) of a pair are transmitted to the keymanagement work station 500.

[0375] The key recovery function decrypts with two of the secret keysd_(A), d_(B), d_(C) and the threshold value logic added to theE_(QYID)(K_(D)) to obtain the descramble key K_(D).

[0376] Next, the encrypted statement E_(KS)(M) is decrypted with thiskey K_(D) so as to obtain data M.

[0377] An encrypted statement of data M to be transmitted is created byencryption computation with the scramble key K_(s). Thus, like the keyrecovery function using the common key cipher (see FIG. 23 forencryption and FIG. 24 for decryption), it is permissible to express thescramble key K_(S) by exclusive OR between K1 and K2 and carry out keyrecovery using them. Although the keys P1, P2 for key recovery shown inFIGS. 23, 24 can be operated with the common key encryption algorithm,they can be also operated for key recovery with the public keys Q_(A),Q_(B).

[0378] In this case, data to be added to the encrypted statement E_(KS)(M) for key recovery are encrypted statements E_(QA)(K1), E_(QB)(K2)obtained by encrypting K1, K2 with public keys Q_(A), Q_(B). The keyrecovery is carried out by decrypting the added data using the secretkeys d_(A), d_(B) corresponding to the public keys Q_(A), Q_(B) in thekey recovery function of the key management work station 500.

[0379] 2: Method for generation by each user

[0380] A user accustomed to operation of the encryption algorithm iscapable of generating the secret key d_(ID) as a master key for use byhimself or herself and corresponding public key Q_(ID).

[0381] In this case, because the secret key d_(ID) as a master key to bepossessed by user is possessed only by the user, there is no possibilitythat an encrypted statement produced by the public key Q_(ID) may bedecrypted at the key management work station 500.

[0382] The user transmits the public key Q_(ID) generated correspondingto the secret key d_(ID) to the key management work station 500.

[0383] The key management work station 500 recognizes an identity of auser transmitting the public key Q_(ID), carries out signature producingcomputation on the transmitted public key Q_(ID) with the secret keyd_(c) possessed by the key management work station 500 and transmits thesignature data S_(dc) (Q_(ID)) to that user.

[0384] According to this embodiment, like the case indicated by 1:, thesecret key d_(ID) as a master key possessed by user is provided with keyrecovery function and stored in the network key structure data base 580with a correspondence to user ID.

[0385] Which the secret key d_(ID) as a master key possessed by eachuser and a corresponding public key Q_(ID) are to be generated by thekey management work station 500 or user is selected depending on usercondition.

[0386] If the above method is applied, cryptographic communication canbe achieved between the IC card (as a reception side user) and a reader(as a transmission side user) which is an information processing unitinstalled on a retailer counter or the like not through the keymanagement work station 500, with the IC card inserted in the reader.

[0387] If the encryption algorithms are different between the IC cardand reader which is the information processing unit, when user insertsthe IC card into the reader, cryptographic communication or paymentcannot be achieved until the encryption algorithm of the both are madeequal.

[0388] In this case, a necessity of converting the encryption algorithmoccurs. If this encryption algorithm conversion is possible in thecondition that the IC card is inserted in the reader which is theinformation processing unit installed on a retailer counter, user'sprocedure is simplified, thereby ensuring a lot of convenience.

[0389] Such encryption algorithm conversion will be described withreference to FIGS. 17 and 18.

[0390] In case of elliptical curve cipher, the encryption algorithm isdetermined by coefficients a and b of the elliptical curve Y²=X³+ax+b,characteristic p of coefficient, base point P and its order n. Thisencryption algorithm may be kept secret or public.

[0391] The public key Q and secret key d of an elliptical curve cipherare expressed as Q=d·P (· is computation on an elliptical curve) by thebase point P.

[0392] Even if the coefficients a and b of the elliptical curvey²=x³+ax+b are equal, it is possible to provide different encryptionalgorithms having the same encryption intensity by changing the basepoint P. If the coefficients a, b and characteristic p of thecoefficient are changed, the elliptical curve is changed, so that adifferent encryption algorithm is settled.

[0393] If the elliptical curve is generated so as to have almost equalkey length before and after the coefficients a, b and characteristic pof the coefficient are changed, a plurality of almost the sameencryption algorithms having different encryption intensity can beprovided.

[0394] In case where the coefficients a, b and characteristic p of thecoefficient are changed, the encryption intensity or key length can bechanged depending on a generation method of the elliptical curve.

[0395] Hereinafter, a case assuming that the encryption algorithm usedby the IC card is EBF and the encryption algorithm used by a reader asan information processing unit is EANG and the key length of the EANG islonger than that of the EBF will be described about other example of theencryption algorithm conversion.

[0396] Here, cryptographic communication system to which the encryptionalgorithm conversion is applied will be described with reference to FIG.21. This cryptographic communication system employs a hierarchicalstructure having a simplex cipher key. That is, this system does notemploy the scramble key and descramble key of the cryptographiccommunication system shown in FIG. 16.

[0397] First of all, data base about the key and encryption algorithmpossessed by the transmission side user, reception side user and networkmanagement work station will be described with reference to the softwarefunction of the network communication system shown in FIG. 3. In thisembodiment, the transmission side user corresponds to a reader as theinformation processing unit and the reception side user corresponds to aportable information processing unit such as an IC card.

[0398] With reference to FIG. 19, examples of information to be storedin the data base about the key and encryption algorithm will bedescribed.

[0399] (1) Data base of the key management work station 500

[0400] 1: Network encryption algorithm management data base 590

[0401] The data base stores encryption algorithms A[1], A[2], . . . A[N]of all the elliptical curves for use by this network communicationsystem, version numbers B[1], B[2], . . . B[N] corresponding to theencryption algorithms, secret keys d_(c)[1], d_(c)[2], . . . d_(c)[N] asa master key for use by the key management work station 500corresponding to the encryption algorithms, and public keys Q_(c)[1],Q_(C)[2], . . . Q_(C)[N] corresponding to the secret keys.

[0402] In the encryption algorithm EBF of this embodiment, the versionnumber BF, the secret key d_(c) as the master key and the public keyQ_(C) corresponding to this secret key are stored corresponding to theencryption algorithm EBF. Likewise, in the encryption algorithm EANG ofthis embodiment, the version number BG, the secret key d_(cg) as themaster key and the public key Q_(cg) corresponding to this secret keyare stored corresponding to the encryption algorithm EANG.

[0403] 2: Network key management data base 580

[0404] The network key management data base 580 stores user ID of userof an IC card or a reader which is an information processing unit,ID[1], ID[2], . . . ID[M], version numbers of the encryption algorithmfor use by this user, BP [1], BP[2], . . . BP[M], and the public keysfor use by the user with this encryption algorithm, Q_(ID)[1],Q_(ID)[2], . . . Q_(ID)[M] corresponding to the user ID.

[0405] The secret keys d_(ID)[1], d_(ID)[2], . . . d_(ID)[M] as themaster key for use by each user corresponding to the encryptionalgorithm are supplied with the key recovery function and storedcorresponding to each user ID.

[0406] (2) Data base of the transmission side user 100 (reader which isan information processing unit)

[0407] 1: encryption algorithm data base 190

[0408] (i) As information of the encryption algorithm operated by theuser, the encryption algorithm data base 190 stores encryption algorithmEANG, version number BG, public key Q_(cg) for use by the key managementwork station 500 under this encryption algorithm and signature dataS_(dcg)(EANG) of the key management work station 500 corresponding tothe encryption algorithm EANG.

[0409] Here, the signature data S_(dcg)(EANG) is obtained by carryingout signature producing computation on the encryption algorithm EANGwith the secret key d_(cg) as the master key for use by the keymanagement work station 500 under the encryption algorithm EANG.

[0410] (ii) As information about the encryption algorithm operated bythe network communication system, the encryption algorithms A[1], A[2],. . . A[N], corresponding version numbers B[1], B[2], . . . B[N], thepublic keys for use by the key management work station 500, Q_(C)[1],Q_(C)[2], . . . Q_(C)[N], and signature data of the key management workstation corresponding to the public key Q_(cg), S_(dc)[1](Q_(cg)),S_(dc)[2](Q_(cg)), . . . S_(dc)[N](Q_(cg)) are stored corresponding tothe encryption algorithms.

[0411] Here, the signature data S_(dc)[i](Q_(cg)) is obtained bycarrying out signature producing computation on the public key Q_(cg)with the secret key d_(c)[i] as the master key for use by the keymanagement work station 500 under the encryption algorithm A[i].

[0412] Specifically in the encryption algorithm EBF of this embodiment,the version number BF, public key Q_(c) and signature data S_(dc)(Q_(cg)) are stored corresponding to the encryption algorithm EBF.

[0413] Here, the signature data S_(dc)(Q_(cg)) is obtained by carryingout signature producing computation on the public key Q_(cg) with thesecret key d_(c) as the master key for use by the key management workstation 500 under the encryption algorithm EBF.

[0414] 2: Key structure management data base 180

[0415] The key structure management data base 180 stores the encryptionalgorithm to be operated by user, namely in this embodiment, the secretkey d_(ID) as the master key for use by the user under the encryptionalgorithm EANG, public key Q_(ID) corresponding to this secret key andsignature data S_(dcg)(Q_(ID)) obtained by carrying out signatureproducing computation on the public key Q_(ID) with the secret keyd_(cg) as the master key for use by the key management work station 500under the encryption algorithm EANG.

[0416] (3) Reception side user (IC card) 200 data base

[0417] 1: encryption algorithm data base 290

[0418] As information about the encryption algorithm operated by theuser, the encryption algorithm EBF, version number BF, public key Q_(c)for use by the key management work station 500 under this encryptionalgorithm and signature data S_(dc)(EBF) of the key management workstation 500 relative to the encryption algorithm EBF are stored.

[0419] Here, the signature data S_(dc)(EBF) is obtained by carrying outsignature producing computation on the encryption algorithm EBF with thesecret key d_(c) as the master key for use by the key management workstation 500 under the encryption algorithm EBF.

[0420] 2: Key structure management data base 280

[0421] The key structure management data base 280 stores the encryptionalgorithm to be operated by user, namely in this embodiment, the secretkey d_(YID) as the master key for use by the user under the encryptionalgorithm EBF, public key Q_(YID) corresponding to this secret key andsignature data S_(dc)(Q_(YID)) obtained by carrying out signatureproducing computation on the public key Q_(YID) with the secret keyd_(C) as the master key for use by the key management work station 500under the encryption algorithm EBF.

[0422] Above, the data base about the key and encryption algorithm whichare a presumption for the encryption algorithm conversion has beendescribed.

[0423] A public key for use by the key management work station 500,signature data produced with the secret key as a master key for use bythe key management work station 500, an encryption algorithm and aversion number corresponding thereto are stored in the transmission sideuser and reception side user data bases.

[0424] These data are distributed by the key management work station500.

[0425] Next, an example of encryption algorithm conversion to be carriedout between a transmission side user (reader which is an informationprocessing unit) and a reception side user (IC card) will be describedwith reference to FIGS. 17 and 18.

[0426] Although for encryption algorithm conversion, the ellipticalcurve encryption algorithm may be sent in open state, according to thisembodiment, it is sent in encryption state.

[0427] Here, assuming that as described previously, the key length ofthe EANG is longer than that of the EBF, a case where the encryptionalgorithm EBF of an IC card is converted to the encryption algorithmEANG will be described.

[0428] 1: User possessing an IC card purchases at a shop or the like andinserts the IC card into a reader as the information processing unit topay for purchased goods.

[0429] The cryptographic communication control function of the reader asthe information processing unit adds a version number BG to theoperating encryption algorithm EANG and sends a “session key issuerequest” to cryptographic communication control function 250 of the ICcard.

[0430] 2: If the version number of the encryption algorithm operated bythe IC card agrees with the BG, the IC card issues the public keypossessed by himself and the signature data of the public key andcarries out cryptographic communication with the reader as theinformation processing unit according to a procedure shown in FIG. 21.

[0431] However, the version number of the encryption algorithm EBFoperated by the IC card is BF, which is different from the transmittedversion number BG.

[0432] After recognizing that the version number is different, thecryptographic communication control function 250 adds BF to this versionnumber and sends an “encryption algorithm updating request” to thecryptographic communication control function 150 of a reader which is aninformation processing unit.

[0433] 3: Under the version number BF, the reader as the informationprocessing unit retrieves in the encryption algorithm data base 190 andfetches out the public key Q_(cg) of the key management work station 500operated with the encryption algorithm EANG and signature dataS_(dc)(Q_(cg)) obtained by carrying out signature producing computationon the public key Q_(cg) with the secret key d_(c) as a master key foruse by the key management work station 500 under the encryptionalgorithm EBF and transmits this public key Q_(cg) and the signaturedata S_(dc)(Q_(cg)) to the IC card.

[0434] 4: The IC card carries out signature verifying computation on thetransmitted public key Q_(cg) and signature data S_(dc) (Q_(cg)) usingthe public key Q_(c) of the key management work station 500 operatedunder the encryption algorithm EBF, so as to verify that the public keyQ_(cg) has been transmitted from the reader as a proper informationprocessing unit.

[0435] 5: Next, the IC card carries out signature producing computationon the public key Q_(YID) with the public key Q_(YID) of an IC cardoperated under the encryption algorithm EBF from the key structuremanagement data base 280 and the secret key d_(c) as a master key foruse by the key management work station 500 under the encryptionalgorithm EBF and fetches out the signature data S_(dc)(Q_(YID))distributed from the management work station 500, and then transmitsthis public key Q_(YID) and signature data S_(dc)(Q_(YID)) to the readeras an information processing unit.

[0436] 6: The reader as the information processing unit carries outsignature verifying computation on the received public key Q_(YID) andsignature data S_(dc)(Q_(YID)) using the public key Q_(c) of the keymanagement work station 500 operated under the encryption algorithm EBF,so as to verify that the public key Q_(YID) has been transmitted from aproper IC card.

[0437] 7: The reader as the information processing unit, encrypts theencryption algorithm EANG with the public key Q_(YID) by operating theencryption algorithm EBF so as to create the encrypted statementEBF_(QYID) (EANG).

[0438] At the same time, signature producing computation is carried outon the encryption algorithm EANG with the secret key d_(cg) as a masterkey for use by the key management work station 500 under the encryptionalgorithm EANG. Then, the signature data S_(dcg)(EANG) distributed fromthe management work station 500 is fetched out and the encryptedstatement EBF_(QYID)(EANG) and signature data S_(dcg)(EANG) aretransmitted to the IC card.

[0439] 8: The IC card decrypts the transmitted encrypted statementEBF_(QYID) (EANG) using the secret key d_(YID) possessed by the IC cardoperated under the encryption algorithm EBF so as to obtain theencryption algorithm EANG.

[0440] Next, the IC card converts the operating encryption algorithmfrom EBF to the obtained EANG, and carries out signature verifyingcomputation on the obtained encryption algorithm EANG and receivedsignature data S_(dcg)(EANG) using the public key Q_(cg) of the keymanagement work station 500 obtained in 4: so as to verify that this isan encryption algorithm distributed from a reader as a properinformation processing unit. As a result, updating of the encryptionalgorithm to this EANG is completed.

[0441] 9: Because the key length of the encryption algorithm EANG islonger than the encryption algorithm EBF, the secret key d_(YID) as themaster key of the IC card is used as a secret key of the encryptionalgorithm EANG as it is and a corresponding public key Q_(YIDC)(=P·d_(YID); · is computation on an elliptical curve) is generated fromthe base point P of the received encryption algorithm EANG.

[0442] The IC card returns the encryption algorithm to EBF temporarilyand carries out signature producing computation on the public keyQ_(YIDC) using the secret key d_(YID) under the encryption algorithm EBFso as to produce signature data S_(dYID) (Q_(YIDC)).

[0443] The IC card transmits the generated public key Q_(YIDC) andsignature data S_(dYID) (Q_(YIDC)) to the reader as an informationprocessing unit.

[0444] 10: The reader as the information processing unit converts theencryption algorithm to EBF temporarily and carries out signatureverifying computation on the received signature data S_(dYID)(Q_(YIDC))and public key Q_(YIDC) using the public key Q_(YID) obtained in 6:, soas to verify that it is a public key Q_(YIDC) of an IC card distributedfrom a proper IC card.

[0445] After that, the encryption algorithm is converted to theencryption algorithm EANG again.

[0446] 11: The reader as the information processing unit carries outsignature producing computation on the public key Q_(ID) with the publickey Q_(ID) for use by the reader as the information processing unitoperated under the encryption algorithm EANG sent from the key structuremanagement data base 180 and the secret key d_(cg) as a master key foruse by the key management work station 500 under the encryptionalgorithm EANG. Then, the signature data S_(dcg)(Q_(ID)) distributedfrom the management work station 500 is fetched out and this public keyQ_(ID) and the signature data S_(dcg)(Q_(ID)) are transmitted to the ICcard.

[0447] 12: The IC card carries out signature verifying computation onthe received signature data S_(dcg)(Q_(ID)) and public key Q_(ID) usingthe public key Q_(cg) of the key management work station 500 obtained in4: under the encryption algorithm EANG, so as to verify that it is apublic key Q_(ID) for the reader as an information processing unit,transmitted from the reader as a proper information processing unit.

[0448] 13: Consequently, the IC card and the reader as the informationprocessing unit share the encryption algorithm EANG and verifies thevalidities of the public keys (public key Q_(ID) of a reader as theinformation processing unit and public key Q_(YIDC) of the IC card). Bycarrying out data encryption with this public key, cryptographiccommunication, signature producing computation and signature verifyingcomputation can be executed between the IC card and the reader as theinformation processing unit, thereby enabling payment.

[0449] The key management work station 500 does not do anything in theabove described procedure.

[0450] However, because the IC card has no signature data of the keymanagement work station 500 regarding the converted public key Q_(YIDC),it cannot be used just as it is, but after the payment is settled, theencryption algorithm needs to be returned from EANG to EBF.

[0451] Next, an example for obtaining signature data of the keymanagement work station by the public key Q_(YIDC) converted by the ICcard will be described with reference to FIG. 18.

[0452] 1: The signature data S_(dYID) (Q_(YIDC)) produced with thesecret key d_(YID) under the encryption algorithm EBF for the public keyQ_(YIDC) of an IC card operated by the encryption algorithm EANG whosevalidity is verified, is transmitted from the IC card to the reader asthe information processing unit.

[0453] This signature data S_(dYID) (Q_(YIDC)), public key Q_(YIDC),public key Q_(YID) of an IC card operated with the encryption algorithmEBF, version number BF of the encryption algorithm EBF, version numberBG of the encryption algorithm EANG, and user ID of the IC card aretransmitted to the key management work station 500.

[0454] 2: With the user ID of the IC card as a key, the key managementwork station 500 retrieves in the network key management data base 580and verifies that the public key Q_(YID) of a received IC card exists.

[0455] Signature verifying computation is carried out on the signaturedata S_(dYID) (Q_(YIDC)) and public key Q_(YIDC) using the public keyQ_(YID) of the IC card so as to verify that it is a public key Q_(YIDC)of a proper IC card.

[0456] In the above procedure, it is verified that the public keyQ_(YIDC) is a public key of the IC card.

[0457] 3: Signature producing computation is carried out on this publickey Q_(YIDC) using the secret key d_(cg) of the key management workstation 500 operated with the encryption algorithm EANG so as to createsignature data S_(dcg)(Q_(YIDC)) and it is returned to the reader as theinformation processing unit.

[0458] The key management work station 500 updates a version number ofthe encryption algorithm stored corresponding to the user ID of the ICcard in the network key management data base 580 and the public key toBG and Q_(YIDC) respectively.

[0459] 4: The reader as the information processing unit transmits thissignature data S_(dcg)(Q_(YIDC)) to the IC card.

[0460] In the above processing, the IC card is capable of obtaining thesignature data S_(dcg)(Q_(YIDC)) of the key management work station 500for the public key Q_(YIDC).

[0461] In the above described embodiment, the key management workstation 500 verifies an existence of the public key Q_(YID) before theconversion and signature data of the public key Q_(YIDC) after theconversion thereby preventing an access of a false IC card.

[0462] The IC card possesses the public key Q_(YIDC) operated under theencryption algorithm EANG and signature data S_(dcg)(Q_(YIDC)) of thekey management work station 500 and is capable of operating theencryption algorithm EANG.

[0463] The key management work station only has to carry out signatureproduction and signature verifying computation on a public key generatedwith respect to the converted encryption algorithm. Thus, with the ICcard inserted into the reader as the information processing unit,encryption algorithm conversion can be carried out.

[0464] In this encryption algorithm conversion, user (IC card in thiscase) generates its own secret key and public key for a new encryptionalgorithm.

[0465] In this embodiment, it is specified that the secret keyspossessed by the user are the same for the encryption algorithm beforethe conversion and encryption algorithm after the conversion.

[0466] Such a secret key setting method is effective when the keylengths of the encryption algorithms mixing in a system vary and itcannot be specified which key length encryption algorithm the user isusing.

[0467] It can be considered that conversion of encrypting algorithm iscarried out to one which has a longer key which any user does not use.

[0468] In this case, if the key length of a secret key used by each useris the same as before the conversion, the key length used by every useris not increased although a key length permitted by the encryptionalgorithm is extended. In this case, a cipher attacker can attack with arange of the key length to be attacked limited to an original keylength. That is, it does not come that substantially the encryptionintensity is increased, even if the allowable key length is prolonged.

[0469] To avoid this event, a method in which the key length isprolonged as shown in FIG. 15 can be considered effective.

[0470] In this case, even if every user increases the key length basedon a random number, key management is made easier because the same keylength does not exist.

[0471] An attention has to be paid to only a user newly participating inthe system so that the same key may not exist.

[0472] The method for user to generate his or her own secret key andpublic key for a new encryption algorithm is applicable to ordinaryencryption algorithm conversion described in FIGS. 13, 14 and 11. Ifuser generates his or her own secret key, a possibility that the secretkey may be decrypted by the key management work station can be avoided.Hereinafter, an example for generating his or her own secret key withrespect to the encryption algorithm conversion will be described withreference to FIG. 20.

[0473] Although in the encryption algorithm conversion of this case, itis necessary to verify the scramble function and descramble function,this is the same method as described in FIGS. 13, 14 and 11 and only anencryption algorithm distribution method and a generation method for asecret key to be possessed by user himself will be stated here.

[0474] An operating condition of the public key encryption methodmentioned here employs the cryptographic communication method shown inFIG. 16 and FIG. 20 shows an example of the encryption algorithmconversion in this cryptographic communication method.

[0475] In this Figure, it is assumed that the encryption algorithmoperated by the reception side user is EBF and the encryption algorithmto be converted is EANG.

[0476] As described in FIGS. 13, 14 and 11, it is assumed that a secretkey as a master key to be operated by the key management work stationrelative to the encryption algorithm EBF is dc and a public keycorresponding to this secret key is Q_(c).

[0477] Likewise, it is assumed that the secret key as a master key forthe key management work station to operate the encryption algorithm EANGis d_(cg) and the public key corresponding to this secret key is Q_(cg).

[0478] On the other hand, it is assumed that the secret key as a masterkey to be operated by the reception side user for the encryptionalgorithm EBF is d_(YID) and the public key corresponding to this secretkey is Q_(YID).

[0479] The above described presumption is the same as shown in FIGS. 13,14 and 11 and an embodiment of the encryption algorithm conversion willbe described.

[0480] (1) The network key management function 570 of the key managementwork station 500 creates the following encrypted statement and signaturedata using the encryption algorithm EBF before the conversion.

[0481] 1: A scramble key K_(SB) for encrypting the encryption algorithmEANG and a descramble key K_(DB) for decrypting are generated with theencryption algorithm EBF before the conversion.

[0482] 2: The encryption algorithm EANG is encrypted with the scramblekey k_(SB) so as to create an encrypted statement EBF_(KSB)(EANG).

[0483] Further, the public key Q_(YID) as the master key of thereception side user is fetched out and the descramble key K_(DB) isencrypted so as to create an encrypted statement EBF_(QYID)(K_(DB)).

[0484] 3: Signature producing computation is carried out on theencryption algorithm EANG with the encryption algorithm EBF before theconversion and the secret key d_(c) which is a master key of the keymanagement work station 500 so as to create signature data S_(dc)(EANG).

[0485] 4: Signature producing computation is carried out on theencryption algorithm EBF before the conversion and the public key Q_(cg)as a master key of the key management work station 500 which is appliedto the encryption algorithm EANG after the conversion with the secretkey dc as the master key of the key management work station 500 so as tocreate signature data S_(dc)(Q_(cg)).

[0486] 5: Two produced encrypted statements EBF_(QYID) (K_(DB)),EBF_(KSB)(EANG), two signature data S_(dc)(EANG), S_(dc)(Q_(CG)) and thepublic key Q_(cg) of the key management work station 500 are transmittedto the IC card (the reception side user) via an IC card reader (notshown in FIG. 20).

[0487] (2) Reception side user's obtaining the encryption algorithm

[0488] The reception side user operates EBF as an encryption algorithmand possesses the secret key d_(YID) as a master key and a public keyQ_(c) of the key management work station 500 operated by the encryptionalgorithm EBF.

[0489] 1: An encrypted statement EBF_(QYID) (K_(DB)) is decrypted usingthe secret key d_(YID) as a master key so as to obtain the descramblekey K_(DB). Next, the encrypted statement EBF_(KSB)(EANG) is decryptedusing this descramble key K_(DB) so as to obtain the encryptionalgorithm EANG. Signature verifying computation is carried out on thesignature data S_(dc) (EANG) and obtained encryption algorithm EANGusing the public key Q_(c) of the key management work station 500 underthe encryption algorithm EBF and it is verified whether or not theobtained encryption algorithm EANG has been transmitted from the properkey management work station 500.

[0490] 2: Under the encryption algorithm EBF, signature verifyingcomputation is carried out on the signature data S_(dc) (Q_(cg)) and thepublic key Q_(cg) to be operated on the received encryption algorithmEANG converted by the key management work station 500 using the publickey Q_(C) of the key management work station 500 so as to verify thatthe transmitted public key is a public key of a proper key managementwork station 500.

[0491] In the above manner, the reception side user has obtained theencryption algorithm EANG and public key Q_(cg) to be operated on theencryption algorithm EANG of the key management work station 500. Then,the obtained encryption algorithm EANG is registered in the encryptionalgorithm management data base 290, and the encryption algorithm EANG aswell as EBF is made operable by the encryption algorithm managementfunction.

[0492] (3) Conversion of the key possessed by the reception side user

[0493] 1: With respect to the encryption algorithm EANG transmitted fromthe key management work station 500, the reception side user generates anew secret key d_(YIDC) as a master key which he owns himself.

[0494] The following three methods can be mentioned as a method forgenerating the secret key.

[0495] (a) Using the secret key d_(YID) operated with the encryptionalgorithm EBF as a secret key of the encryption algorithm EANG

[0496] (b) Generating a new secret key d_(YIDC) by adding a randomnumber to the secret key d_(YID) operated with the encryption algorithmEBF as shown in FIG. 15.

[0497] (c) Generating a new secret key d_(YIDC) according to informationof the encryption algorithm EANG.

[0498] The secret key d_(YIDC) to be possessed by the reception sideuser himself or herself is generated by any of these methods so as togenerate the public key Q_(YIDC) corresponding to this secret key.

[0499] Because the above method (c) has a possibility that the generatedsecret key may agree with a key of other user as described previously,it is necessary for the key management work station 500 to verify thatthere is no public key which the other user uses.

[0500] In case when an encryption algorithm EANG to be converted is anelliptical curve cipher, with the base point of this algorithm as P, thepublic key Q_(YIDC) is given as P·d_(YIDC) (· is computation onelliptical curve).

[0501] 2: The reception side user returns the encryption algorithm toEBF temporarily and carries out signature producing computation on thepublic key Q_(YIDC) using the secret key d_(YID) under this encryptionalgorithm EBF so as to create signature data S_(dYID()(Q_(YIDC)). Thegenerated public key Q_(YIDC), signature data S_(dYID) (Q_(YIDC)) andthe reception side user's ID are transmitted to the key management workstation 500 via the IC card reader (not shown in FIG. 20).

[0502] 3: The key management work station 500 returns the encryptionalgorithm to EBF and queries the network key management data base 580with the transmitted user ID as a key so as to fetch out the public keyQ_(YID) of a given reception side user. Next, signature verifyingcomputation is carried out on the transmitted public key Q_(YIDC) andsignature data S_(dYID) (Q_(YIDC)) using the public key Q_(YID) of thisreception side user so as to verify that this is a public key Q_(YIDC)transmitted from a proper reception side user.

[0503] Because the key management work station 500 queries the networkkey management data base 580 and recognizes the public key Q_(YID) ofthe reception side user, it is possible to prevent a false receptionside user from accessing this system.

[0504] In the above manner, the key management work station 500 obtainsthe public key Q_(YIDC) operated by the reception side user under theconverted encryption algorithm EANG. After that, the key management workstation 500 needs a series of procedure related to the encryptionalgorithm conversion, such as carrying out signature producingcomputation on the public key Q_(YIDC) operated by the reception sideuser by using the secret key d_(cg) as a master key operated under theencryption algorithm EANG, creating signature data S_(dcg)(Q_(YIDC)),sending it to the reception side user, verifying the scramble functionand descramble function. These are achieved by carrying out theprocedure for the encryption algorithm conversion described in FIGS. 13,14 and 11.

[0505] An example for user to generate his own key himself or herselffor a new encryption algorithm has been described. Finally, (1)conversion from a common key encryption algorithm to other public keyencryption algorithm and (2) conversion from the public key encryptionalgorithm to other common key encryption algorithm will be describedbelow.

[0506] (1) Conversion from a common key encryption algorithm to otherpublic key encryption algorithm

[0507] The embodiment of the encryption algorithm conversion from thecommon key encryption algorithm to other common key encryption algorithmhas been described with reference to FIGS. 8, 9 and 6.

[0508] In this case, it is assumed that the encryption algorithm beforethe conversion is EBF and the encryption algorithm after the conversionis EANG.

[0509] A case where the encryption algorithm will be converted from thecommon key encryption algorithm to other public key encryption algorithmwill be described assuming that the common key encryption algorithmbefore the conversion is EBF and the public key encryption algorithmafter the conversion is EANG to use the same symbols.

[0510] The public key encryption algorithm EANG after the conversion canbe encrypted with the common key encryption algorithm EBF before theconversion according to the embodiment shown in FIGS. 8, 9 and 6 anddistributed.

[0511] In case where the common key encryption algorithm is converted tothe public key encryption algorithm, it is necessary to generate a newsecret key and public key and verify the scramble function anddescramble function for a converted public key encryption algorithm.This series of key generation and functional verification can be carriedout according to the embodiment of the public key encryption algorithmconversion shown in FIGS. 13, 14 and 11.

[0512] (2) Conversion from the public key encryption algorithm to othercommon key encryption algorithm

[0513] The common key encryption algorithm is different from the publickey encryption algorithm in that no signature producing computation orsignature verifying computation is carried out.

[0514] Therefore, in case where the public key encryption algorithm isconverted to other common key encryption algorithm, the encryptionalgorithm conversion can be carried out in a procedure excluding thesignature producing and verifying computations in the embodiment of thepublic key encryption algorithm conversion shown in FIGS. 13, 14 and 11.

[0515] The embodiment of the encryption algorithm conversion has beendescribed above.

[0516] Whether or not the encryption algorithm conversion has beencarried out properly in the embodiment of the encryption algorithmconversion shown in FIG. 5, embodiment of the common key encryptionalgorithm conversion shown in FIGS. 8, 9 and 6 and embodiment of thepublic key encryption algorithm conversion shown in FIGS. 13, 14 and 11,is verified by operating the scramble function and descramble functionof cryptographic communication system, encrypting plain text data MD“confirmation of descramble function after the algorithm conversion isterminated” and plain text data MS “algorithm conversion confirmationtest is terminated”, transmitting the data and verifying whether or notthe data are successfully decrypted.

[0517] If a given plain text data MD or plain text data MS is notdecrypted in each process for confirmation of this encryption algorithmconversion, a response message to “encryption algorithm conversionoperation error” is transmitted and that given process is executedagain.

[0518] In a process for exchange of encryption algorithm conversion datain the embodiment of the public key encryption algorithm conversionshown in FIGS. 17, 18, 13, 14 and 11, signature verifying computation iscarried out on signature production data created under the public keyencryption algorithm. If an error occurs in the signature productiondata as a result of this signature verifying computation, a responsemessage “encryption algorithm conversion operation error” is transmittedand that given process is executed again.

[0519] If the plain text data MD or plain text data MS is not decryptedafter that reexecution or an error occurs in the signature productiondata as a result of the signature verifying computation, a responsemessage “encryption algorithm conversion abnormal termination” istransmitted and then the encryption algorithm conversion process isinterrupted.

[0520] If such a response “encryption algorithm conversion abnormaltermination” occurs, cryptographic communication system components areinspected in viewpoints of hardware and software.

[0521] Although FIGS. 13, 14 and 11 show the embodiments of the publickey encryption algorithm conversion, if the encryption algorithmconversion is not carried out or if the encryption algorithm is the sameand therefore, not distributed, the key management station sends aprocedure for distributing a key for use by user for key updating,deletion and the like. Although in the embodiment of the public keyencryption algorithm conversion shown in FIGS. 17 and 18, the processfor encryption algorithm conversion confirmation by the plain text dataMD and MS has not been described, the encryption algorithm conversionconfirmation can be carried out by encrypting the plain text data MD andMS with the public key based on the encryption algorithm and sendingthem according to the embodiment shown in FIGS. 13, 14 and 11.

[0522] According to the present invention, the encryption algorithm canbe distributed with the safety and further, converted in a conditionthat time and labor required for the distribution are reduced.

[0523] Further, by the above-mentioned encryption algorithm conversion,encryption algorithms operated by plural users are capable of sharingthe same encryption algorithm or that shared encryption algorithm can bechanged to other encryption algorithm.

What is claimed is:
 1. A cryptographic communication method wherein when different encryption algorithms are operated at a transmission side and a reception side, the transmission side encrypts an encryption algorithm operated at the transmission side with an encryption algorithm operated at the reception side and transmits the encrypted algorithm to the reception side.
 2. A cryptographic communication method wherein information on an encryption algorithm operated at a transmission side and information on an encryption algorithm operated at a reception side are obtained from the transmission side and when different encryption algorithms are operated at the transmission side and the reception side, an encryption algorithm operated at the transmission side is encrypted with an encryption algorithm operated at the reception side and transmitted to the reception side.
 3. A cryptographic communication method as claimed in claim 2 wherein signature data produced based on a public key preliminarily allocated to the transmission side is supplied to the reception side with said encryption algorithm operated at the transmission side with the encryption algorithm operated at the reception side.
 4. A cryptographic communication method as claimed in claim 2 wherein signature data produced based on a public key preliminarily allocated to the transmission side is supplied to the transmission side together with said encryption algorithm operated at the transmission side encrypted with the encryption algorithm operated at the reception side and transmitted to the reception side.
 5. An encryption algorithm sharing management method for sharing an encryption algorithm for cryptographic communication, comprising the steps of: from a user of a transmission side, obtaining a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side; and querying a data base in which user identifiers indicating users and their corresponding encryption algorithms are preliminarily described, so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption algorithm operated by the user of the reception side, wherein if said encryption algorithm operated by the user of the transmission side is different from said encryption algorithm operated by the user of the reception side, data indicating said encryption algorithm operated by the user of the transmission side is encrypted with said encryption algorithm operated by the user of the reception side and transmitted to the user of the reception side.
 6. An encryption algorithm sharing management method for sharing an encryption algorithm for cryptographic communication, comprising the steps of: from a user of a transmission side, obtaining a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side; querying a data base in which user identifiers indicating users, corresponding encryption algorithms and encryption keys thereof, are preliminarily described so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption key thereof and an encryption algorithm operated by the user of the reception side and an encryption key thereof, wherein if said encryption algorithm operated by the user of the transmission side is different from said encryption algorithm operated by the user of the reception side, data indicating said encryption algorithm operated by the user of the transmission side and an encryption key produced based on the encryption key operated by the user of the reception side corresponding to a key length of said encryption algorithm operated by the user of the transmission side is encrypted with said encryption algorithm operated by the user of the reception side and transmitted to the user of the reception side.
 9. A network communication system composed by connecting a plurality of users, comprising at least one encryption key management station to be connected from a user of a transmission side, said encryption key management station obtaining, from the user of the transmission side, information indicating an encryption algorithm operated by the user of the transmission side and information indicating an encryption algorithm operated by a user of a reception side and if different encryption algorithms are operated by the user of the transmission side and the user of the reception side, encrypting the encryption algorithm operated by the user of the transmission side with the encryption algorithm operated by the user of the reception side and transmitting it to the user of the reception side.
 10. A network communication system composed by connecting a plurality of users, comprising at least one encryption key management station to be connected from a user of a transmission side, said encryption key management station comprising a data base in which a correspondence between a user identifier indicating a user and an encryption algorithm operated by said user is preliminarily described about each user; wherein when a communication is carried out from the user of the transmission side to a user of a reception side, a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side are obtained from the user of the transmission side and said data base is queried with the obtained identifiers as a key so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption algorithm operated by the user of the reception side, and if the encryption algorithm operated by the user of the transmission side is different from the encryption algorithm operated by the user of the reception side, the encryption algorithm operated by the user of the transmission side is encrypted with the encryption algorithm operated by the user of the reception side and transmitted to the user of the reception side.
 11. An encryption algorithm sharing management method for sharing an encryption algorithm for cryptographic communication, comprising the steps of: from a user of a transmission side, obtaining a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side; and querying a data base in which user identifiers indicating users and their corresponding encryption algorithms, are preliminarily described so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption algorithm operated by the user of the reception side; wherein if said encryption algorithm operated by the user of the transmission side is different from said encryption algorithm operated by the user of the reception side, data indicating said encryption algorithm operated by the user of the reception side is encrypted with said encryption algorithm operated by the user of the transmission side and transmitted to the user of the transmission side.
 12. An encryption algorithm sharing management method for sharing an encryption algorithm for cryptographic communication, comprising the steps of: from a user of a transmission side, obtaining a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side; querying a data base in which user identifiers indicating users, corresponding encryption algorithms and encryption keys thereof, are preliminarily described so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption key thereof and an encryption algorithm operated by the user of the reception side and an encryption key thereof, wherein if said encryption algorithm operated by the user of the transmission side is different from said encryption algorithm operated by the user of the reception side, data indicating said encryption algorithm operated by the user of the reception side and an encryption key produced based on the encryption key operated by the user of the transmission side corresponding to a key length of said encryption algorithm operated by the user of the reception side is encrypted with said encryption algorithm operated by the user of the transmission side and transmitted to the user of the transmission side.
 15. A network communication system composed by connecting a plurality of users, comprising at least one encryption key management station to be connected from a user of a transmission side, said encryption key management station obtaining, from the user of the transmission side, information indicating an encryption algorithm operated by the user of the transmission side and information indicating an encryption algorithm operated by a user of a reception side, and if different encryption algorithms are operated by the user of the transmission side and the user of the reception side, encrypting the encryption algorithm operated by the user of the reception side with the encryption algorithm operated by the user of the transmission side and transmitting it to the user of the transmission side.
 16. A network communication system composed by connecting a plurality of users, comprising at least one encryption key management station to be connected from a user of a transmission side, said encryption key management station comprising a data base in which a correspondence between a user identifier indicating a user and an encryption algorithm operated by said user is preliminarily described about each user; wherein when a communication is carried out from the user of the transmission side to a user of a reception side, a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side are obtained from the user of the transmission side, and said data base is queried with the obtained identifiers as a key so as to obtain an encryption algorithm operated by the user of the transmission side and an encryption algorithm operated by the user of the reception side, and if the encryption algorithm operated by the user of the transmission side is different from the encryption algorithm operated by the user of the reception side, the encryption algorithm operated by user of the reception side is encrypted with the encryption algorithm operated by the user of the transmission side and transmitted to the user of the transmission side.
 17. A cryptographic communication method wherein if different encryption algorithms are operated by a transmission side and a reception side, an encryption algorithm operated by the reception side is encrypted with an encryption algorithm operated by the transmission side and transmitted to the transmission side.
 18. A cryptographic communication method wherein information indicating an encryption algorithm operated by a transmission side and information indicating an encryption algorithm operated by a reception side are obtained from the transmission side and when different encryption algorithms are operated by the transmission side and the reception side, the encryption algorithm operated by the reception side is encrypted with the encryption algorithm operated by the transmission side and transmitted to the transmission side.
 19. A cryptographic communication method as claimed in claim 18 wherein signature data produced based on a public key preliminarily allocated to the reception side is supplied to the transmission side with the encryption algorithm operated by the reception side encrypted with the encryption algorithm operated by the transmission side.
 20. An encryption algorithm sharing management method for sharing an encryption algorithm for cryptographic communication, comprising the steps of: from a user of a transmission side, obtaining a user identifier indicating the user of the transmission side and a user identifier indicating a user of a reception side; querying a data base in which user identifiers indicating users and corresponding encryption algorithms are preliminarily described so as to obtain an encryption algorithm operable by the user of the transmission side and an encryption algorithm operable by the user of the reception side; determining whether or not there is an encryption algorithm operable by the user of the transmission side and the user of the reception side commonly; and if the commonly operable encryption algorithm exists, the user of the transmission side is notified that cryptographic communication at the user of the transmission side and the user of the reception side is enabled.
 21. An encryption algorithm sharing management method as claimed in claim 20 wherein: if the commonly operable encryption algorithm exists, information indicating the commonly operable encryption algorithm is transmitted to the user of the transmission side and if the commonly operable encryption algorithm does not exists, the user of the reception side is notified that cryptographic communication at the user of the transmission side and the user of the reception side is disabled.
 22. An encryption algorithm conversion method for converting a first encryption algorithm to a second encryption algorithm comprising: querying a data base in which user identifiers indicating users, corresponding encryption algorithms and encryption keys thereof, are preliminarily described for a user, whose encryption algorithm is to be converted as a key, so as to obtain a first encryption algorithm operated by the user whose encryption algorithm is to be converted and a first encryption key thereof; and with a first management secret key preliminarily allocated for management and applied to the firs encryption algorithm, supplying first and second signature data for the first encryption key and a second encryption key, public key data obtained by encrypting a second public key corresponding to a second management secret key applied to a second encryption algorithm preliminarily allocated for management with the first encryption algorithm, the second encryption algorithm encrypted with the first encryption algorithm and signature data produced based on the second management secret key to the user whose encryption algorithm is to be converted.
 23. A cryptographic communication method wherein information concerning a first encryption algorithm is encrypted with a second encryption algorithm, and encrypted information including said information concerning said first encryption algorithm is transmitted from a first side to a second side, or from said second side to said first side.
 24. A terminal device for transmitting or receiving information, where said terminal device encrypts information concerning a fist encryption algorithm with a second encryption algorithm, and transmits or receives encrypted information including said information concerning said first encryption algorithm. 